[CentOS] Docker swarm service misconfigured in FirewallD / CentOS 7

Nicolas Kovacs

info at microlinux.fr
Thu Aug 13 08:27:05 UTC 2020


Hi,

I'm currently fiddling with Docker Swarm on three sandbox servers running
CentOS 7.

Unfortunately I couldn't get even the most basic configuration running. After
some experimenting and investigating, it turns out there's a problem with
FirewallD.

Here's what I did first on every single node.

# firewall-cmd --permanent --add-service=docker-swarm
# firewall-cmd --reload

I launched a simple web service like this:

# docker service create --name web -p 80:80 nginx

My three nodes appear correctly with 'docker node ls'.

From here, I should be able to open the Nginx default web page in a web browser
using any node's hostname.

But nothing happens. No page is loaded.

On a whim, I turned off FirewallD, and suddenly everything worked as expected.

Now here's the list of ports that have to be open on every single node for
Docker Swarm to work:

  * 2376/tcp
  * 2377/tcp
  * 7946/tcp
  * 7946/udp
  * 4789/udp

And here's what docker-swarm.xml looks like under CentOS 7:

# cat /usr/lib/firewalld/services/docker-swarm.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Docker integrated swarm mode</short>
  <description>Natively managed cluster of Docker Engines (>=1.12.0), where you
deploy services.</description>
  <port port="2377" protocol="tcp"/>
  <port port="7946" protocol="tcp"/>
  <port port="7946" protocol="udp"/>
  <port port="4789" protocol="udp"/>
  <protocol value="esp"/>
</service>

So it looks like TCP port 2376 was forgotten in that service definition.

I opened it up manually on every node:

# firewall-cmd --permanent --add-port=2376/tcp
# firewall-cmd --reload

And now Docker Swarm works correctly.

Cheers from the sunny South of France,

Niki Kovacs


-- 
Microlinux - Solutions informatiques durables
7, place de l'église - 30730 Montpezat
Site : https://www.microlinux.fr
Blog : https://blog.microlinux.fr
Mail : info at microlinux.fr
Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
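
Added example, not part of the original post or of firewalld: a Python check that parses a firewalld service definition and compares the ports it opens against a required list, reporting ports that are missing and ports that are opened beyond the list. The required list is the one given in the post; the embedded XML is the docker-swarm.xml quoted in the post with the description element left out, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Ports the post lists as required on every Swarm node.
REQUIRED = {("2376", "tcp"), ("2377", "tcp"), ("7946", "tcp"),
            ("7946", "udp"), ("4789", "udp")}

# docker-swarm.xml as quoted in the post (description element omitted).
SAMPLE_XML = b"""<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Docker integrated swarm mode</short>
  <port port="2377" protocol="tcp"/>
  <port port="7946" protocol="tcp"/>
  <port port="7946" protocol="udp"/>
  <port port="4789" protocol="udp"/>
  <protocol value="esp"/>
</service>
"""

def expand(port_attr):
    """A firewalld port attribute is a single port or a 'low-high' range."""
    low, _, high = port_attr.partition("-")
    return range(int(low), int(high or low) + 1)

def service_ports(xml_bytes):
    """Return the set of (port, protocol) pairs a service definition opens."""
    opened = set()
    for elem in ET.fromstring(xml_bytes).findall("port"):
        port_attr = elem.get("port", "")
        if not port_attr:          # protocol-only entry, no port to record
            continue
        for port in expand(port_attr):
            opened.add((str(port), elem.get("protocol")))
    return opened

def audit(xml_bytes, required=REQUIRED):
    """Return (missing, extra): required ports not opened, and ports
    opened that are not on the required list."""
    opened = service_ports(xml_bytes)
    return sorted(required - opened), sorted(opened - required)

if __name__ == "__main__":
    missing, extra = audit(SAMPLE_XML)
    for port, proto in missing:
        print(f"required but not in service definition: {port}/{proto}")
    for port, proto in extra:
        print(f"opened but not on required list: {port}/{proto}")
```

On a live node the same functions can be fed the bytes of /usr/lib/firewalld/services/docker-swarm.xml; a file of the same name under /etc/firewalld/services takes precedence over it.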

