Can't create networking

(Amayo Dong) #1

(Banjot) #2

I think you haven’t configured your docker daemon correctly to use the swarm k-v store.

From the docs:
This error returns because the networking features rely on a key-value store. In a UCP environment, that key-value store is configured through UCP and protected by the Swarm TLS certificate chain. To avoid this error, you need to manually configure the Docker daemon to use UCP’s key-value store in a secure manner.

Check out the docs here to configure container networking:

(Amayo Dong) #3

I don’t config anything without the ucp ,
I run docker with Boot2Docker in the virtualbox,
when i use the docker-machine create boot2docker,
not configure the swarm.
when i run the ucp join ,
it create the swarm container ,
do i neet to configure it by myself?

My english isn’t well, Do you know what I mean?

(Jojojojo1234) #4

you need to configure docker daemon manually without UCP, just like @banjot said. Here is what i did and it works like charm: on every docker host do:

  1. stop docker on all hosts

  2. edit file /usr/lib/systemd/system/docker.service, make sure these two lines in [Service] section are there:

ExecStart=/usr/bin/docker daemon -H fd:// $OPTIONS

  1. Reload systemctl daemon:
    systemctl daemon-reload

  2. on every node create file with following content and replace “IP_OF_THIS_NODE” and “IP_OF_ETCD_STORE” with correct values:

touch /etc/sysconfig/docker

OPTIONS="–cluster-advertise “IP_OF_THIS_NODE”:12376 --cluster-store etcd://“IP_OF_ETCD_STORE”:12379 --cluster-store-opt kv.cacertfile=/var/lib/docker/discovery_certs/ca.pem --cluster-store-opt kv.certfile=/var/lib/docker/discovery_certs/cert.pem --cluster-store-opt kv.keyfile=/var/lib/docker/discovery_certs/key.pem"

NOTE: “IP_OF_ETCD_STORE” can be IP of your Swarm master, if you want to have your K/V store in swarm master


OPTIONS="–cluster-advertise --cluster-store etcd:// --cluster-store-opt kv.cacertfile=/var/lib/docker/discovery_certs/ca.pem --cluster-store-opt kv.certfile=/var/lib/docker/discovery_certs/cert.pem --cluster-store-opt kv.keyfile=/var/lib/docker/discovery_certs/key.pem"

  1. start docker engine only on swarm master (this will also start etcd)

  2. start rest of the swarm cluster nodes

  3. try to create overlay net again

Hope that helps

Found that need to use ucp-swarm-node-certs on UCP controller to enable multi-host networking