Docker Swarm / Docker-in-Docker Container Communication

jamiejackson · July 3, 2017, 10:56pm

I’m playing with Docker Swarm by using a swarm of dind containers.

However, I can’t access one container from another. For instance, I need to be able to reach master from slave. I seem to be able to ping it, but I can’t access it over 3306 or 3307.

Here’s my configuration, including the swarm bootstrapping, the docker compose configuration, and the way I’m starting the stack:

gist.github.com

https://gist.github.com/jamiejackson/df318fb656115f2e72f819f7f50c9d1a#file-bootstrap_swarm-sh-L41-L50

bootstrap_swarm.sh

#!/bin/bash

# https://codefresh.io/blog/deploy-docker-compose-v3-swarm-mode-cluster/

# vars
[ -z "$NUM_WORKERS" ] && NUM_WORKERS=3

# init swarm (need for service command); if not created
docker node ls 2> /dev/null | grep "Leader"
if [ $? -ne 0 ]; then

This file has been truncated. show original

docker-compose.swarm.yml

version: '3'
services:

  master:
    image: jamiejackson/mariadb-replication:10.2
    ports:
      - "3307:3306"
    restart: unless-stopped
    environment:
      - MYSQL_ALLOW_EMPTY_PASSWORD=1

This file has been truncated. show original

start

docker stack deploy --compose-file=docker-compose.swarm.yml db

I highlighted the kitchen sink port publishing–it was an(other failed) attempt at getting communication working.

I’m probably doing multiple things wrong here.

jamiejackson · July 7, 2017, 11:50pm

As far as I can tell, this actually does work, but only in Docker for Mac. I’d been trying to run it in a (Vagrant) Ubuntu 14.04 VM, but it’s not working there.

Any idea what I’d need to tweak to run it in Vagrant? The only difference I know between the two is that in Docker for Mac, I don’t need to use an explicit --advertise-addr for docker swarm init, but in the Ubuntu VM, it complains if I don’t use something. It’s possible that I’m not doing that part right, but I don’t know how to figure that out.

jpetazzo · July 10, 2017, 12:42pm

I see that you are using an explicit IP address with the --advertise-addr flag. I would suggest to use an interface name, because interface names are less likely to change in a specific scenario (and you’re less likely to end up with a broken setup if the IP address changes).

Would you also be able to simplify the setup, i.e. explain which nodes are setup how, and which commands work and which don’t? (You indicated “ping works” for instance.) Good luck!

jamiejackson · July 10, 2017, 6:40pm

Hi @jpetazzo, thanks for the reply!

I created a repo with a project that is ready to run. I need to be able to reach master:3306 (db_master service) from db_slave. As I mentioned, this setup works on Docker for Mac, but I can’t get it working in a Docker-ready (Vagrant) VM.

I tried eth0 and eth1 as the advertise-addr, but neither seems to work.

jpetazzo · July 11, 2017, 2:15pm

Unfortunately, when I try vagrant up, I get the following error:

Vagrant:
* Unknown configuration section 'vbguest'.

Since I had an older version of Vagrant, I updated it; now it’s up-to-date:

moonshine:vagrant-dind-swarm jp$ vagrant version
Installed Version: 1.9.7
Latest Version: 1.9.7

You're running an up-to-date version of Vagrant!

But I’m still getting the same error

jamiejackson · July 11, 2017, 2:45pm

Thanks for trying it! I inadvertently had a reference to a plugin that you don’t have (and don’t need).

Fixed: https://github.com/jamiejackson/vagrant-dind-swarm/commit/2c2e10d9499ea4f22223e29fcb7b16b9c5c521bd

jamiejackson · July 19, 2017, 2:52pm

Bump. (Anybody?)

jamiejackson · September 9, 2017, 2:35am

Bump bumpety bump bump.

trajano · February 7, 2018, 1:08pm

When you say “docker-in-docker” are you actually running docker itself and setting up a swarm inside another docker container? Rather than say a VM where docker is installed?

I do hear from my colleague that this is the newer approach rather than using Vagrant or Salt Scripts. I am guessing because it is easier to deal with rolling docker updates that way.

As for myself I use Vagrant to set up my VMs except for the primary master which I hand built while I was learning. One key thing I was missing was the firewall rules needed to be setup correctly

TCP port 2376 for secure Docker client communication. This port is required for Docker Machine to work. Docker Machine is used to orchestrate Docker hosts.
TCP port 2377. This port is used for communication between the nodes of a Docker Swarm or cluster. It only needs to be opened on manager nodes.
TCP and UDP port 7946 for communication among nodes (container network discovery).
UDP port 4789 for overlay network traffic (container ingress networking).