Docker swarm init : interface docker gwbridge

maxce · April 9, 2025, 3:23pm

Hi guys,

I want to create a swarm network with vJunos Evolved (linux based) and Ubuntu machine. I’m able to create a swarm with one host (ubuntu) and join with another host (junos) as manager.
But I don’t have any network and interface docker_gwbridge on my junosevolved.
Same If I create a swarm and a network on junos.
I think that this issue is linked with the fact that I’m not able to add a container to the network I created from Junos Evolved, same for docker service.

docker run -d --name test --network first-network alpine

180aa84963ad2b683d6d1d2de0a0d9572165fbfe848de0b9ec780f543167d9a4
docker: Error response from daemon: attaching to network failed, make sure your network options are correct and check manager logs: context deadline exceeded

How can I see these log ?

 docker network ls
NETWORK ID     NAME            DRIVER    SCOPE
t0v5glhjjswx   first-network   overlay   swarm
4ce5aaef985f   host            host      local
gn3x4eh5nsak   ingress         overlay   swarm
b7b0975d8605   none            null      local

docker inspect first-network
[
    {
        "Name": "first-network",
        "Id": "t0v5glhjjswxx3aqsonalm3ds",
        "Created": "2025-04-09T07:25:54.632403185Z",
        "Scope": "swarm",
        "Driver": "overlay",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "10.0.1.0/24",
                    "Gateway": "10.0.1.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Ingress": false,
        "ConfigFrom": {
            "Network": ""
        },
        "ConfigOnly": false,
        "Containers": null,
        "Options": {
            "com.docker.network.driver.overlay.vxlanid_list": "4097"
        },
        "Labels": null
    }
]

Thanks a lot to anyone that can help me.

rimelek · April 9, 2025, 9:04pm

That bridge is created when you initialize swarm, so maybe you should check the system logs using journalctl or docker daemon logs directly

journalctl -e -u docker

maxce · April 10, 2025, 7:42am

Hi, thanks a lot for your answer, here is what I got when I initialize the swarm :

time="2025-04-10T07:32:20.453203070Z" level=info msg="Node 6181a526b960/192.168.51.105, joined gossip cluster"
time="2025-04-10T07:32:20.453302039Z" level=info msg="Node 6181a526b960/192.168.51.105, added to nodes list"
time="2025-04-10T07:32:20.641357036Z" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserver 8.8.8.8 nameserver 8.8.4.4]"
time="2025-04-10T07:32:20.641477910Z" level=info msg="IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844]"
time="2025-04-10T07:32:20.815660979Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_nodest_conn" error="open /proc/sys/net/ipv4/vs/expire_nodest_conn: no such file or directory"
time="2025-04-10T07:32:20.815794492Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_quiescent_template" error="open /proc/sys/net/ipv4/vs/expire_quiescent_template: no such file or directory"
time="2025-04-10T07:32:20.815835478Z" level=error msg="error reading the kernel parameter net.ipv4.vs.conn_reuse_mode" error="open /proc/sys/net/ipv4/vs/conn_reuse_mode: no such file or directory"
time="2025-04-10T07:32:20.815880293Z" level=error msg="error reading the kernel parameter net.ipv4.vs.conn_reuse_mode" error="open /proc/sys/net/ipv4/vs/conn_reuse_mode: no such file or directory"
time="2025-04-10T07:32:20.815914784Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_nodest_conn" error="open /proc/sys/net/ipv4/vs/expire_nodest_conn: no such file or directory"
time="2025-04-10T07:32:20.815946397Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_quiescent_template" error="open /proc/sys/net/ipv4/vs/expire_quiescent_template: no such file or directory"
time="2025-04-10T07:32:20.815999461Z" level=error msg="error reading the kernel parameter net.ipv4.vs.conn_reuse_mode" error="open /proc/sys/net/ipv4/vs/conn_reuse_mode: no such file or directory"
time="2025-04-10T07:32:20.816031450Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_nodest_conn" error="open /proc/sys/net/ipv4/vs/expire_nodest_conn: no such file or directory"
time="2025-04-10T07:32:20.816063195Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_quiescent_template" error="open /proc/sys/net/ipv4/vs/expire_quiescent_template: no such file or directory"
time="2025-04-10T07:32:20.816097772Z" level=error msg="error reading the kernel parameter net.ipv4.vs.conn_reuse_mode" error="open /proc/sys/net/ipv4/vs/conn_reuse_mode: no such file or directory"
time="2025-04-10T07:32:20.816131705Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_nodest_conn" error="open /proc/sys/net/ipv4/vs/expire_nodest_conn: no such file or directory"
time="2025-04-10T07:32:20.816163878Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_quiescent_template" error="open /proc/sys/net/ipv4/vs/expire_quiescent_template: no such file or directory"
time="2025-04-10T07:32:21.654767617Z" level=warning msg="Peer operation failed:Unable to find the peerDB for nid:pt1pmvuejc5jfmzivbu1t6dsh op:&{3 pt1pmvuejc5jfmzivbu1t6dsh  [] [] [] [] false false false func1}"
time="2025-04-10T07:32:21.654770155Z" level=error msg="Failed creating ingress network: network sandbox join failed: subnet sandbox join failed for \"10.0.0.0/24\": error creating vxlan interface: file exists"
time="2025-04-10T07:37:20.453983441Z" level=info msg="NetworkDB stats R2(6181a526b960) - netID:pt1pmvuejc5jfmzivbu1t6dsh leaving:true netPeers:0 entries:0 Queue qLen:0 netMsg/s:0"

How can I handle it ?

Thanks again

Maxence

maxce · April 10, 2025, 10:39am

Hi again,

Because of my configuration junos cli), I need to use docker@vrf36738.service (with docker.service I’m not able to join a swarm as a manager).
In docker@vrf36738 I have no log exept :

journalctl -e -u docker@vrf36738

Apr 10 10:27:36 R2 jnet_docker_volume[3798]: INFO: remove jnet volume 'docker@vrf36738.jnet.vol' at '/run/docker-vrf36738/jnet'
Apr 10 10:27:36 R2 systemd[1]: docker@vrf36738.service: Deactivated successfully.
Apr 10 10:27:36 R2 systemd[1]: Stopped Docker Application Container Engine.
Apr 10 10:27:36 R2 systemd[1]: Starting Docker Application Container Engine...
Apr 10 10:27:40 R2 systemd[1]: Started Docker Application Container Engine.

The previous message was the log from docker.service when I init a docker swarm.

maxce · April 10, 2025, 2:56pm

When I init the swarm and the network with an ubuntu and join with a junos. I have theses logs when I tried to connect my contaoiner to the network from the junos..

journalctl -e

Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.153814248Z" level=warning msg="Peer operation failed:Unable to find the peerDB for nid:lnrh4jzb3gpumml5i99rbpra6 op:&{3 lnrh4jzb3gpumml5i99rbpra6  [] [] [] [] false false false func1}"
Apr 10 14:39:52 R1 systemd[1]: run-docker\x2dvrf36738-netns-lb_lnrh4jzb3.mount: Deactivated successfully.
Apr 10 14:39:52 R1 systemd[1]: run-docker\x2dvrf36738-netns-ingress_sbox.mount: Deactivated successfully.
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.301873991Z" level=info msg="initialized VXLAN UDP port to 4789 "
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.452456347Z" level=info msg="No non-localhost DNS nameservers are left in resolv.conf. Using default external servers: [nameserver 8.8.8.8 nameserver 8.8.4.4]"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.452501557Z" level=info msg="IPv6 enabled; Adding default IPv6 external servers: [nameserver 2001:4860:4860::8888 nameserver 2001:4860:4860::8844]"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.605755583Z" level=error msg="error reading the kernel parameter net.ipv4.vs.conn_reuse_mode" error="open /proc/sys/net/ipv4/vs/conn_reuse_mode: no such file or directory"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.605895839Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_nodest_conn" error="open /proc/sys/net/ipv4/vs/expire_nodest_conn: no such file or directory"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.605937126Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_quiescent_template" error="open /proc/sys/net/ipv4/vs/expire_quiescent_template: no such file or directory"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.605978503Z" level=error msg="error reading the kernel parameter net.ipv4.vs.conn_reuse_mode" error="open /proc/sys/net/ipv4/vs/conn_reuse_mode: no such file or directory"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.606014530Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_nodest_conn" error="open /proc/sys/net/ipv4/vs/expire_nodest_conn: no such file or directory"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.606056238Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_quiescent_template" error="open /proc/sys/net/ipv4/vs/expire_quiescent_template: no such file or directory"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.606103389Z" level=error msg="error reading the kernel parameter net.ipv4.vs.conn_reuse_mode" error="open /proc/sys/net/ipv4/vs/conn_reuse_mode: no such file or directory"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.606136350Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_nodest_conn" error="open /proc/sys/net/ipv4/vs/expire_nodest_conn: no such file or directory"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.606171371Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_quiescent_template" error="open /proc/sys/net/ipv4/vs/expire_quiescent_template: no such file or directory"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.606207307Z" level=error msg="error reading the kernel parameter net.ipv4.vs.conn_reuse_mode" error="open /proc/sys/net/ipv4/vs/conn_reuse_mode: no such file or directory"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.606241580Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_nodest_conn" error="open /proc/sys/net/ipv4/vs/expire_nodest_conn: no such file or directory"
Apr 10 14:39:52 R1 chvrf[26412]: time="2025-04-10T14:39:52.606275246Z" level=error msg="error reading the kernel parameter net.ipv4.vs.expire_quiescent_template" error="open /proc/sys/net/ipv4/vs/expire_quiescent_template: no such file or directory"
Apr 10 14:39:52 R1 systemd[1]: run-docker\x2dvrf36738-netns-1\x2d6caexxtv1b.mount: Deactivated successfully.
Apr 10 14:39:53 R1 kernel: br0: renamed from ov-001000-6caex
Apr 10 14:39:53 R1 systemd-udevd[3541]: Using default interface naming scheme 'v250'.
Apr 10 14:39:53 R1 kernel: vxlan0: renamed from vx-001000-6caex
Apr 10 14:39:53 R1 audit: ANOM_PROMISCUOUS dev=vxlan0 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
Apr 10 14:39:53 R1 kernel: br0: port 1(vxlan0) entered blocking state
Apr 10 14:39:53 R1 kernel: br0: port 1(vxlan0) entered disabled state
Apr 10 14:39:53 R1 kernel: device vxlan0 entered promiscuous mode
Apr 10 14:39:53 R1 audit[26412]: SYSCALL arch=c000003e syscall=44 success=yes exit=40 a0=2b a1=c000b71f50 a2=28 a3=0 items=0 ppid=1 pid=26412 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" exe="/usr/bin/dockerd" subj=System key=(null)
Apr 10 14:39:53 R1 kernel: ov-001000-6caex: renamed from br0
Apr 10 14:39:53 R1 kernel: device vxlan0 left promiscuous mode
Apr 10 14:39:53 R1 kernel: ov-001000-6caex: port 1(vxlan0) entered disabled state
Apr 10 14:39:53 R1 audit: PROCTITLE proctitle=2F7573722F62696E2F646F636B657264002D4800756E69783A2F2F2F72756E2F646F636B65722D76726633363733382E736F636B002D2D646174612D726F6F743D2F7661722F657874656E73696F6E732F646F636B65722D7672663336373338002D2D657865632D726F6F743D2F72756E2F646F636B65722D76726633363733
Apr 10 14:39:53 R1 audit: ANOM_PROMISCUOUS dev=vxlan0 prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
Apr 10 14:39:53 R1 audit[26412]: SYSCALL arch=c000003e syscall=44 success=yes exit=32 a0=2b a1=c000cac940 a2=20 a3=0 items=0 ppid=1 pid=26412 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="dockerd" exe="/usr/bin/dockerd" subj=System key=(null)
Apr 10 14:39:53 R1 audit: PROCTITLE proctitle=2F7573722F62696E2F646F636B657264002D4800756E69783A2F2F2F72756E2F646F636B65722D76726633363733382E736F636B002D2D646174612D726F6F743D2F7661722F657874656E73696F6E732F646F636B65722D7672663336373338002D2D657865632D726F6F743D2F72756E2F646F636B65722D76726633363733
Apr 10 14:39:53 R1 chvrf[26412]: time="2025-04-10T14:39:53.161825570Z" level=warning msg="could not delete vxlan interface, vx-001000-6caex, error failed to find interface with name vx-001000-6caex: Link not found, after config error, failed to set link up: address already in use"
Apr 10 14:39:53 R1 kernel: br1: renamed from ov-001000-6caex
Apr 10 14:39:53 R1 systemd[1]: run-docker\x2dvrf36738-netns-ingress_sbox.mount: Deactivated successfully.
Apr 10 14:39:53 R1 chvrf[26412]: time="2025-04-10T14:39:53.444670683Z" level=error msg="Failed creating ingress network: network sandbox join failed: subnet sandbox join failed for \"10.0.0.0/24\": vxlan interface creation failed for subnet \"10.0.0.0/24\": failed to set link up: address already in use"
Apr 10 14:39:53 R1 chvrf[26412]: time="2025-04-10T14:39:53.445066219Z" level=error msg="failed removing container name resolution for cfd8e775deb5a29290da10bc925937c88bdc45a66149d98be9f77fb3a81f13b8 epRec:{ingress-endpoint   <nil> 10.0.0.2 [] [] [] false} err:network 6caexxtv1b0rw4xk1rj574py2 not found"
Apr 10 14:40:01 R1 CROND[3691]: (root) CMD (test ! -f /tmp/.pkid_sync_done && /usr/sbin/pkid-sync.sh > /dev/null 2>&1)
Apr 10 14:40:01 R1 CROND[3693]: (root) CMD (/usr/sbin/logrotate /etc/logrotate.d/libsi_logrotate.conf --state /var/lib/libsi_logrotate.status)
Apr 10 14:40:01 R1 CROND[3692]: (root) CMD (/bin/bash /usr/sbin/manage_fpc_logs.sh)
Apr 10 14:40:01 R1 CROND[3695]: (root) CMD (/usr/sbin/ehmd_logrotate_update.sh)
Apr 10 14:40:01 R1 CROND[3694]: (root) CMD (/usr/evo/fpc_log_symlink.sh)
Apr 10 14:40:01 R1 CROND[3686]: (root) CMDEND (test ! -f /tmp/.pkid_sync_done && /usr/sbin/pkid-sync.sh > /dev/null 2>&1)
Apr 10 14:40:01 R1 CROND[3688]: (root) CMDEND (/bin/bash /usr/sbin/manage_fpc_logs.sh)
Apr 10 14:40:01 R1 CROND[3689]: (root) CMDEND (/usr/sbin/ehmd_logrotate_update.sh)
Apr 10 14:40:01 R1 CROND[3690]: (root) CMDEND (/usr/evo/fpc_log_symlink.sh)
Apr 10 14:40:01 R1 CROND[3687]: (root) CMDEND (/usr/sbin/logrotate /etc/logrotate.d/libsi_logrotate.conf --state /var/lib/libsi_logrotate.status)
Apr 10 14:40:10 R1 systemd[1]: var-extensions-docker\x2dvrf36738-overlay2-80957c0fa9cc49f96c83b936aeba4d6dd75e1747e0d62f93cfce8b78416c776e-merged.mount: Deactivated successfully.
Apr 10 14:40:10 R1 chvrf[26412]: time="2025-04-10T14:40:10.911508976Z" level=error msg="3e0a2e46ff61e01303176e7780340fbee40a055537456e4bce750dc1ec49db91 cleanup: failed to delete container from containerd: no such container"
Apr 10 14:40:10 R1 chvrf[26412]: time="2025-04-10T14:40:10.911628456Z" level=error msg="Handler for POST /v1.41/containers/3e0a2e46ff61e01303176e7780340fbee40a055537456e4bce750dc1ec49db91/start returned error: attaching to network failed, make sure your network options are correct and check manager logs: context deadline exceeded"

bluepuma77 · April 10, 2025, 4:30pm

Why do you expect regular Docker to run on a highly modified Linux system?

Junos OS Evolved is a unified, end-to-end network operating system

Check the list of officially supported OSs (doc).

rimelek · April 11, 2025, 9:29pm

Now that you have these errors, you can try to find what is causing it. I would tell you if I knew, but I could find issues related to Kubernetes and even Docker without using any of these keywords. For example:

github.com/moby/libnetwork

Error creating vxlan interface: file exists

opened 08:33PM - 18 May 17 UTC

discotroy

Previous related threads: - https://github.com/docker/libnetwork/issues/562 …- https://github.com/docker/libnetwork/issues/751 - https://github.com/docker/libnetwork/issues/945 - https://github.com/moby/moby/issues/21482 - https://github.com/moby/moby/issues/28559 Comment at the current tail-end of #945 recommends opening a new ticket. I couldn't find one opened by the original poster, so here we go. I've been using swarm for the past couple of months, and frequently hit upon this problem. I have a modest swarm (~8-9 nodes) all running Ubuntu 16.04, now with Docker 17.05-ce on. There is not a great amount of container churn, but I do use a stack yaml file to deploy ~20 services across ~20 encrypted overlay networks. I tend to find that after a couple of `stack deploy` / `stack rm` cycles, my containers get killed at startup with the "Error creating vxlan: file exists" error. This prevents the containers coming up on a host and forces them to attempt to relocate, which may / may not work. I have noted in the above issues that the problems are, several times over, thought to have been rectified, but yet always creep back in for various users. To rectify the issue, I have tried rebooting the node, restarting iptables, removing the stack and re-creating, all of which work to varying degrees but are most definitely workarounds and not solutions. I cannot think how I can attempt to reproduce this error, but if anyone wants to suggest ways to debug, I am at your service.

Someone says a reboot solved it, someone else says it had to do something with Docker not cleaning up when deleting a container. I don’t know, but you can try a reboot if you havent tried it yet.

I don’t know what to expect on Junos either. Good that @bluepuma77 noticed that in your message because somehow I focused on Ubuntu. So Junos is not supported by Docker officially, but the Junos OS developers or community may have found a way to install it, but I could not find it. Can you share a link that you used to install it? I found only this which mentions only starting Docker, not installing. Except they linked the getting started which can lead you to the “Get Docker” page, which eventually leads you to the page that @bluepuma77 linked about the officially supported distributions and how you can try to install from binaries which is not supported by Docker, it is just an option and if you are lucky, it works. Or if the developers of the distribution support their own way.

I can’t tell if your issue is caused by Junos OS or not, buf if I understand it correctly, you can initialize swarm on Ubuntu. When you do that, do you have the bridge on Ubuntu?

meyay · April 11, 2025, 9:59pm

You can run this command to check whether all required kernel modules are available:
curl --silent https://raw.githubusercontent.com/moby/moby/refs/heads/master/contrib/check-config.sh | bash

The only way to get guaranteed vanilla docker behavior, is to run docker-ce (and Docker Desktop to some extends) from dockers official repositories on a supported distribution. Docker packages provided by other sources may or may not be modified → their support channel is the maintainer of the package and/or the distribution’s community.

maxce · April 14, 2025, 8:27am

Hi @meyay , thanks a lot for your aswer,

Here is what I got with check-config.sh

JUNOS

Generally Necessary:
cgroup hierarchy: properly mounted [/sys/fs/cgroup]
CONFIG_NAMESPACES: enabled
CONFIG_NET_NS: enabled
CONFIG_PID_NS: enabled
CONFIG_IPC_NS: enabled
CONFIG_UTS_NS: enabled
CONFIG_CGROUPS: enabled
CONFIG_CGROUP_CPUACCT: enabled
CONFIG_CGROUP_DEVICE: enabled
CONFIG_CGROUP_FREEZER: enabled
CONFIG_CGROUP_SCHED: enabled
CONFIG_CPUSETS: enabled
CONFIG_MEMCG: enabled
CONFIG_KEYS: enabled
CONFIG_VETH: enabled (as module)
CONFIG_BRIDGE: enabled
CONFIG_BRIDGE_NETFILTER: enabled
CONFIG_IP_NF_FILTER: enabled (as module)
CONFIG_IP_NF_MANGLE: enabled (as module)
CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
CONFIG_IP6_NF_FILTER: enabled
CONFIG_IP6_NF_MANGLE: enabled
CONFIG_IP6_NF_TARGET_MASQUERADE: missing
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
CONFIG_NETFILTER_XT_MATCH_IPVS: missing
CONFIG_NETFILTER_XT_MARK: enabled (as module)
CONFIG_IP_NF_RAW: enabled (as module)
CONFIG_IP_NF_NAT: enabled (as module)
CONFIG_NF_NAT: enabled (as module)
CONFIG_IP6_NF_RAW: enabled
CONFIG_IP6_NF_NAT: enabled (as module)
CONFIG_NF_NAT: enabled (as module)
CONFIG_POSIX_MQUEUE: enabled
CONFIG_CGROUP_BPF: enabled
Optional Features:
-ONFIG_USER_NS: enabled
-ONFIG_SECCOMP: enabled
-ONFIG_SECCOMP_FILTER: enabled
-ONFIG_CGROUP_PIDS: enabled
-ONFIG_MEMCG_SWAP: enabled
    (cgroup swap accounting is currently enabled)
-ONFIG_LEGACY_VSYSCALL_EMULATE: enabled
-ONFIG_BLK_CGROUP: enabled
-ONFIG_BLK_DEV_THROTTLING: missing
-ONFIG_CGROUP_PERF: enabled
-ONFIG_CGROUP_HUGETLB: missing
-ONFIG_NET_CLS_CGROUP: enabled
-ONFIG_CGROUP_NET_PRIO: enabled
-ONFIG_CFS_BANDWIDTH: enabled
-ONFIG_FAIR_GROUP_SCHED: enabled
-ONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
-ONFIG_IP_VS: missing
-ONFIG_IP_VS_NFCT: missing
-ONFIG_IP_VS_PROTO_TCP: missing
-ONFIG_IP_VS_PROTO_UDP: missing
-ONFIG_IP_VS_RR: missing
-ONFIG_SECURITY_SELINUX: missing
-ONFIG_SECURITY_APPARMOR: missing
-ONFIG_EXT3_FS: enabled
-ONFIG_EXT3_FS_XATTR: missing
-ONFIG_EXT3_FS_POSIX_ACL: enabled
-ONFIG_EXT3_FS_SECURITY: enabled
    (enable these ext3 configs if you are using ext3 as backing filesystem)
-ONFIG_EXT4_FS: enabled
-ONFIG_EXT4_FS_POSIX_ACL: enabled
-ONFIG_EXT4_FS_SECURITY: enabled
-etwork Drivers:
  - "overlay":
    - CONFIG_VXLAN: enabled (as module)
    - CONFIG_BRIDGE_VLAN_FILTERING: missing
      Optional (for encrypted networks):
      - CONFIG_CRYPTO: enabled
      - CONFIG_CRYPTO_AEAD: enabled
      - CONFIG_CRYPTO_GCM: enabled
      - CONFIG_CRYPTO_SEQIV: enabled
      - CONFIG_CRYPTO_GHASH: enabled
      - CONFIG_XFRM: enabled
      - CONFIG_XFRM_USER: enabled (as module)
      - CONFIG_XFRM_ALGO: enabled
      - CONFIG_INET_ESP: enabled (as module)
      - CONFIG_NETFILTER_XT_MATCH_BPF: missing
  - "ipvlan":
    - CONFIG_IPVLAN: missing
  - "macvlan":
    - CONFIG_MACVLAN: enabled (as module)
    - CONFIG_DUMMY: enabled (as module)
  - "ftp,tftp client in container":
    - CONFIG_NF_NAT_FTP: enabled (as module)
    - CONFIG_NF_CONNTRACK_FTP: enabled (as module)
    - CONFIG_NF_NAT_TFTP: enabled (as module)
    - CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
-torage Drivers:
  - "btrfs":
    - CONFIG_BTRFS_FS: enabled
    - CONFIG_BTRFS_FS_POSIX_ACL: enabled
  - "overlay":
    - CONFIG_OVERLAY_FS: enabled (as module)
  - "zfs":
    - /dev/zfs: missing
    - zfs command: missing
    - zpool command: missing

Limits:
-proc/sys/kernel/keys/root_maxkeys: 1000000

UBUNTU

Generally Necessary:
cgroup hierarchy: properly mounted [/sys/fs/cgroup]
apparmor: enabled and tools installed
CONFIG_NAMESPACES: enabled
CONFIG_NET_NS: enabled
CONFIG_PID_NS: enabled
CONFIG_IPC_NS: enabled
CONFIG_UTS_NS: enabled
CONFIG_CGROUPS: enabled
CONFIG_CGROUP_CPUACCT: enabled
CONFIG_CGROUP_DEVICE: enabled
CONFIG_CGROUP_FREEZER: enabled
CONFIG_CGROUP_SCHED: enabled
CONFIG_CPUSETS: enabled
CONFIG_MEMCG: enabled
CONFIG_KEYS: enabled
CONFIG_VETH: enabled (as module)
CONFIG_BRIDGE: enabled (as module)
CONFIG_BRIDGE_NETFILTER: enabled (as module)
CONFIG_IP_NF_FILTER: enabled (as module)
CONFIG_IP_NF_MANGLE: enabled (as module)
CONFIG_IP_NF_TARGET_MASQUERADE: enabled (as module)
CONFIG_IP6_NF_FILTER: enabled (as module)
CONFIG_IP6_NF_MANGLE: enabled (as module)
CONFIG_IP6_NF_TARGET_MASQUERADE: enabled (as module)
CONFIG_NETFILTER_XT_MATCH_ADDRTYPE: enabled (as module)
CONFIG_NETFILTER_XT_MATCH_CONNTRACK: enabled (as module)
CONFIG_NETFILTER_XT_MATCH_IPVS: enabled (as module)
CONFIG_NETFILTER_XT_MARK: enabled (as module)
CONFIG_IP_NF_RAW: enabled (as module)
CONFIG_IP_NF_NAT: enabled (as module)
CONFIG_NF_NAT: enabled (as module)
CONFIG_IP6_NF_RAW: enabled (as module)
CONFIG_IP6_NF_NAT: enabled (as module)
CONFIG_NF_NAT: enabled (as module)
CONFIG_POSIX_MQUEUE: enabled
CONFIG_CGROUP_BPF: enabled

Optional Features:
CONFIG_USER_NS: enabled
CONFIG_SECCOMP: enabled
CONFIG_SECCOMP_FILTER: enabled
CONFIG_CGROUP_PIDS: enabled
CONFIG_MEMCG_SWAP: enabled
CONFIG_MEMCG_SWAP_ENABLED: missing
    (cgroup swap accounting is currently not enabled, you can enable it by setting boot option "swapaccount=1")
CONFIG_BLK_CGROUP: enabled
CONFIG_BLK_DEV_THROTTLING: enabled
CONFIG_CGROUP_PERF: enabled
CONFIG_CGROUP_HUGETLB: enabled
CONFIG_NET_CLS_CGROUP: enabled (as module)
CONFIG_CGROUP_NET_PRIO: enabled
CONFIG_CFS_BANDWIDTH: enabled
CONFIG_FAIR_GROUP_SCHED: enabled
CONFIG_IP_NF_TARGET_REDIRECT: enabled (as module)
CONFIG_IP_VS: enabled (as module)
CONFIG_IP_VS_NFCT: enabled
CONFIG_IP_VS_PROTO_TCP: enabled
CONFIG_IP_VS_PROTO_UDP: enabled
CONFIG_IP_VS_RR: enabled (as module)
CONFIG_SECURITY_SELINUX: enabled
CONFIG_SECURITY_APPARMOR: enabled
CONFIG_EXT4_FS: enabled
CONFIG_EXT4_FS_POSIX_ACL: enabled
CONFIG_EXT4_FS_SECURITY: enabled
Network Drivers:
  - "overlay":
    - CONFIG_VXLAN: enabled (as module)
    - CONFIG_BRIDGE_VLAN_FILTERING: enabled
      Optional (for encrypted networks):
      - CONFIG_CRYPTO: enabled
      - CONFIG_CRYPTO_AEAD: enabled
      - CONFIG_CRYPTO_GCM: enabled
      - CONFIG_CRYPTO_SEQIV: enabled
      - CONFIG_CRYPTO_GHASH: enabled
      - CONFIG_XFRM: enabled
      - CONFIG_XFRM_USER: enabled (as module)
      - CONFIG_XFRM_ALGO: enabled (as module)
      - CONFIG_INET_ESP: enabled (as module)
      - CONFIG_NETFILTER_XT_MATCH_BPF: enabled (as module)
  - "ipvlan":
    - CONFIG_IPVLAN: enabled (as module)
  - "macvlan":
    - CONFIG_MACVLAN: enabled (as module)
    - CONFIG_DUMMY: enabled (as module)
  - "ftp,tftp client in container":
    - CONFIG_NF_NAT_FTP: enabled (as module)
    - CONFIG_NF_CONNTRACK_FTP: enabled (as module)
    - CONFIG_NF_NAT_TFTP: enabled (as module)
    - CONFIG_NF_CONNTRACK_TFTP: enabled (as module)
Storage Drivers:
  - "btrfs":
    - CONFIG_BTRFS_FS: enabled (as module)
    - CONFIG_BTRFS_FS_POSIX_ACL: enabled
  - "overlay":
    - CONFIG_OVERLAY_FS: enabled (as module)
  - "zfs":
    - /dev/zfs: present
    - zfs command: missing
    - zpool command: missing

Limits:
/proc/sys/kernel/keys/root_maxkeys: 1000000

So Is there a way to install this ?
-ONFIG_IP_VS
-ONFIG_IP_VS_NFCT
-ONFIG_IP_VS_PROTO_TCP
-ONFIG_IP_VS_PROTO_UDP
-ONFIG_IP_VS_RR:
-ONFIG_SECURITY_SELINUX
-ONFIG_SECURITY_APPARMOR

Have a nice day and thanks again for your precious help,
Maxence

maxce · April 14, 2025, 8:38am

Hi @rimelek,

Docker is natively install on junos evolved. That is why I was interested about configure docker swarm on Junos.
On Ubunutu everything works fine, I used the same bridge on my Proxmox Hypervisor (Host ubunutu and Host Junos). That is why I compared my vm Ubuntu and vJunos Evolved.

Unfortunatelly a reboot didn’t fixed anything…

Here is the docker version natively install on junos evolved :

[vrf:none] root@R1:~# docker version
Client:
 Version:           20.10.25-ce
 API version:       1.41
 Go version:        go1.17.13
 Git commit:        911449ca24
 Built:             Mon Nov 25 19:58:21 2024
 OS/Arch:           linux/amd64
 Context:           default
 Experimental:      true

Server:
 Engine:
  Version:          20.10.25-ce
  API version:      1.41 (minimum version 1.12)
  Go version:       go1.17.13
  Git commit:       791d8ab87747169b4cbfcdf2fd57c81952bae6d5
  Built:            Wed Aug  2 05:50:16 2023
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          v1.6.19.m
  GitCommit:        1e1ea6e986c6c86565bc33d52e34b81b3e2bc71f.m
 runc:
  Version:          1.1.5
  GitCommit:        v1.1.5-0-gf19387a6-dirty
 docker-init:
  Version:          0.19.0
  GitCommit:        b9f42a0-dirty

Thanks a lot for your help in solving this issue !
Have a nice day,

Maxence

meyay · April 14, 2025, 5:46pm

Sure, you “just” need to compile your own kernel, with those modules enabled. I hope the Junos OS Evolved community is able to give you the right pointers about what needs to be done.

Note: kernel compilation is not required on any officially supported distros, as their kernels already come with the required modules out of the box.

maxce · April 15, 2025, 10:18am

Hi @meyay,

Ok understood ! Thanks for your help.

Topic		Replies	Views
Not able to attach containers to overlay network in docker swarm General	2	232	May 16, 2024
Can't attach a standalone container to a multi-host overlay network General docker , swarm	20	6254	November 23, 2021
Ingress network in present, but docker service fails to create Swarm swarm	1	7810	January 21, 2018
Docker swarm init - network docker_gwbridge not creating Swarm swarm	2	3284	October 22, 2018
Can't attach container to overlay network with Ipv6 enabled Swarm swarm	0	256	May 22, 2024

Docker swarm init : interface docker gwbridge

Related topics