Hi there, we are using Docker Cloud Bring Your Own Node (BYON). We have some private infrastructure set up behind a router, and none of our nodes have a public IP. Although the firewall in each node is turned off, we’ve allowed TCP/UDP traffic to pass on the ports recommended by Docker Cloud.
It would appear that the dockercloud-agent is unable to set up a reverse tunnel from our private infrastructure. I’ve browsed the documentation extensively to determine the settings for our nodes, and as far as I can see we are following everything properly. The only difference is that each node does not have a public IP. Can someone please help clarify what settings need to be in place for a setup like ours?
Update: a copy/paste from our logs
2016/06/22 11:13:48 UUID has been changed from to blahblahabc123
2016/06/22 11:13:48 Updating configuration file...
2016/06/22 11:13:48 New TLS certificates generated
2016/06/22 11:13:48 Registering in Docker Cloud via PATCH: https://cloud.docker.com/api/agent/v1/node/blahblahabc123
2016/06/22 11:13:49 Downloading docker binary...
2016/06/22 11:13:49 Downloading docker definition from https://cloud.docker.com/api/tutum/v1/agent/docker/1.9.1-cs2/1.1.0.json
2016/06/22 11:13:49 Downloading docker from https://files.cloud.docker.com/packages/docker/docker-1.9.1-cs2.tgz
2016/06/22 11:13:50 Saving docker to /usr/bin/
2016/06/22 11:13:50 Uncompressing: /usr/bin/._docker
2016/06/22 11:13:50 Uncompressing: /usr/bin/docker
2016/06/22 11:13:51 Found docker: version 1.9.1-cs2
2016/06/22 11:13:51 Initializing docker daemon
2016/06/22 11:13:51 Loading NAT tunnel module
2016/06/22 11:13:51 Verifying the registration with Docker Cloud
2016/06/22 11:13:51 Docker server started. Entering maintenance loop
2016/06/22 11:13:51 Waiting for docker unix socket to be ready
2016/06/22 11:13:51 Starting docker daemon: [/usr/bin/docker daemon -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375 --userland-proxy=false --tlscert /etc/dockercloud/agent/cert.pem --tlskey /etc/dockercloud/agent/key.pem --tlscacert /etc/dockercloud/agent/ca.pem --tlsverify]
2016/06/22 11:13:51 Docker daemon (PID:2598) has been started
2016/06/22 11:13:53 Docker unix socket opened
2016/06/22 11:13:53 Node blahblahabc123.node.dockerapp.io is publicly reachable
2016/06/22 11:18:55 Node registration to https://cloud.docker.com/ succeeded
Note that what we had to do above was deploy the node, and it appears the NAT tunnel started to set itself up for a moment. However, after waiting 5 minutes, we opened 2375/tcp from our router, only to then have the node publicly reachable. However, even after we close 2375/tcp, Docker Cloud thinks the node is unreachable, but the node itself fails to detect this in state.
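
Added example, not part of the original post and not Docker Cloud's own code: a small Python audit of an agent log in the format pasted above, reporting which TCP listeners the daemon was started with, whether client certificate verification is on, and how long registration took after the node was reported reachable. The names `SAMPLE_LOG`, `parse` and `audit` are assumptions made for this example; the sample lines are copied from the log in the post.

```python
import re
from datetime import datetime

# Constructed sample: four lines copied from the log in the post above.
SAMPLE_LOG = """\
2016/06/22 11:13:51 Loading NAT tunnel module
2016/06/22 11:13:51 Starting docker daemon: [/usr/bin/docker daemon -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375 --userland-proxy=false --tlscert /etc/dockercloud/agent/cert.pem --tlskey /etc/dockercloud/agent/key.pem --tlscacert /etc/dockercloud/agent/ca.pem --tlsverify]
2016/06/22 11:13:53 Node blahblahabc123.node.dockerapp.io is publicly reachable
2016/06/22 11:18:55 Node registration to https://cloud.docker.com/ succeeded
"""

LINE_RE = re.compile(r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (.*)$")
DAEMON_RE = re.compile(r"Starting docker daemon: \[(.*)\]")

def parse(log):
    """Yield (timestamp, message) for each well-formed agent log line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S"), m.group(2)

def audit(log):
    """Summarise daemon listeners, TLS flags and registration timing."""
    report = {"tcp_listeners": [], "all_interfaces": False, "tlsverify": False,
              "nat_tunnel_loaded": False, "publicly_reachable": False,
              "seconds_to_registration": None}
    reachable_at = None
    for ts, msg in parse(log):
        d = DAEMON_RE.search(msg)
        if d:
            args = d.group(1).split()
            # Every "-H <addr>" pair is one socket the daemon listens on.
            hosts = [args[i + 1] for i, a in enumerate(args[:-1]) if a == "-H"]
            tcp = [h for h in hosts if h.startswith("tcp://")]
            report["tcp_listeners"] = tcp
            report["all_interfaces"] = any(
                h.startswith(("tcp://0.0.0.0:", "tcp://[::]:")) for h in tcp)
            report["tlsverify"] = "--tlsverify" in args
        elif msg == "Loading NAT tunnel module":
            report["nat_tunnel_loaded"] = True
        elif msg.endswith("is publicly reachable"):
            report["publicly_reachable"], reachable_at = True, ts
        elif msg.startswith("Node registration to") and msg.endswith("succeeded") and reachable_at:
            report["seconds_to_registration"] = int((ts - reachable_at).total_seconds())
    return report

if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the pasted log this reports the daemon API bound to all interfaces on 2375/tcp with `--tlsverify` set, so forwarding that port on the router publishes a TLS-authenticated Docker API rather than an open one.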