Docker swarm / service does not bind on IPv4, only on IPv6!

I just created a 3-node Docker Swarm!

The problem is that each service created with

docker swarm deploy
docker service

can create the running container without problem but …

These containers are only bound to IPv6

netstat gives only IPv6 binds, as does the lsof -i -n command! => NO IPv4 LISTENER!!!

How could I configure my cluster to listen on IPv4???

I already checked the sysctl values for net.* and all values seem to be correct …

Do you have an idea how to solve this problem?

Example

docker service create --name portainer-ee --replicas 1 --publish published=9444,target=9443,mode=ingress portainer/portainer-ee

get service running :

ID NAME MODE REPLICAS IMAGE PORTS
lvsd2ngshcqm portainer-ee replicated 1/1 portainer/portainer-ee:latest *:9444->9443/tcp

Netstat

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 127.0.0.54:53 0.0.0.0:* LISTEN 996 3909664 103/systemd-resolve
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 3909998 403/master
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 996 3909662 103/systemd-resolve
tcp 0 0 127.0.0.1:38495 0.0.0.0:* LISTEN 0 3908839 121/containerd
tcp6 0 0 :::9444 :::* LISTEN 0 4342910 5347/dockerd
tcp6 0 0 ::1:25 :::* LISTEN 0 3909999 403/master
tcp6 0 0 :::22 :::* LISTEN 0 3909669 1/init
tcp6 0 0 :::2377 :::* LISTEN 0 4268329 5347/dockerd
tcp6 0 0 :::7946 :::* LISTEN 0 4262637 5347/dockerd

No IPv4 for port 9444 !!!

lsof

COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
systemd 1 root 41u IPv6 3909669 0t0 TCP *:ssh (LISTEN)
systemd-r 103 systemd-resolve 13u IPv4 3909661 0t0 UDP 127.0.0.53:domain
systemd-r 103 systemd-resolve 14u IPv4 3909662 0t0 TCP 127.0.0.53:domain (LISTEN)
systemd-r 103 systemd-resolve 15u IPv4 3909663 0t0 UDP 127.0.0.54:domain
systemd-r 103 systemd-resolve 16u IPv4 3909664 0t0 TCP 127.0.0.54:domain (LISTEN)
container 121 root 10u IPv4 3908839 0t0 TCP 127.0.0.1:38495 (LISTEN)
sshd 130 root 3u IPv6 3909669 0t0 TCP *:ssh (LISTEN)
master 403 root 13u IPv4 3909998 0t0 TCP 127.0.0.1:smtp (LISTEN)
master 403 root 14u IPv6 3909999 0t0 TCP [::1]:smtp (LISTEN)
dockerd 5347 root 16u IPv6 4262637 0t0 TCP *:7946 (LISTEN)
dockerd 5347 root 20u IPv6 4268329 0t0 TCP *:2377 (LISTEN)
dockerd 5347 root 21u IPv4 4264899 0t0 TCP 10.0.0.196:48334->10.0.0.196:2377 (ESTABLISHED)
dockerd 5347 root 24u IPv6 4267570 0t0 TCP 10.0.0.196:2377->10.0.0.196:48334 (ESTABLISHED)
dockerd 5347 root 28u IPv6 4262638 0t0 UDP *:7946
dockerd 5347 root 32u IPv6 4268444 0t0 TCP 10.0.0.196:2377->10.0.0.195:42062 (ESTABLISHED)
dockerd 5347 root 35u IPv6 4270172 0t0 TCP 10.0.0.196:2377->10.0.0.194:42044 (ESTABLISHED)
dockerd 5347 root 45u IPv6 4342910 0t0 TCP *:9444 (LISTEN)

No IPv4 for port 9444

For both commands, only listening on IPv6!!!

How to solve this problem to also listen on IPv4? IPv6 is not forwarded to IPv4 for Docker …

Thanks,


Does your node have an IPv4 address? Try hostname -I.

Yes,

root@Docker:~# hostname -I
10.0.0.196 172.20.0.1 172.17.0.1 172.18.0.1

I have already spent a lot of time investigating this problem without finding the culprit …

Thanks,

Here is also my docker info

root@Docker:~# docker info
Client:
Version: 24.0.5
Context: default
Debug Mode: false

Server:
Containers: 2
Running: 1
Paused: 0
Stopped: 1
Images: 6
Server Version: 24.0.5
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Using metacopy: false
Native Overlay Diff: false
userxattr: true
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: active
NodeID: ujeodmiw62occmi68af00w66s
Is Manager: true
ClusterID: jey0eivw48rcxk1e34hnsmbo8
Managers: 1
Nodes: 3
Default Address Pool: 10.0.0.0/8
SubnetSize: 24
Data Path Port: 4789
Orchestration:
Task History Retention Limit: 5
Raft:
Snapshot Interval: 10000
Number of Old Snapshots to Retain: 0
Heartbeat Tick: 1
Election Tick: 10
Dispatcher:
Heartbeat Period: 5 seconds
CA Configuration:
Expiry Duration: 3 months
Force Rotate: 0
Autolock Managers: false
Root Rotation In Progress: false
Node Address: 10.0.0.196
Manager Addresses:
10.0.0.196:2377
Runtimes: io.containerd.runc.v2 runc
Default Runtime: runc
Init Binary: docker-init
containerd version:
runc version:
init version:
Security Options:
apparmor
seccomp
Profile: builtin
cgroupns
Kernel Version: 6.2.16-12-pve
Operating System: Ubuntu 23.04
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 8GiB
Name: Docker
ID: c976e8f3-32d1-4dbd-871a-5f610efbe98e
Docker Root Dir: /var/lib/docker
Debug Mode: false
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

Hi,

After some investigation, this is what I found …

I had all nodes leave the swarm (also the leading node), so I’m back to single Docker.

When running my container, it binds well to IPv4 and IPv6!

When doing the swarm init, the container then only binds to IPv6 and I do not know why; even passing parameters to swarm init with the host IPv4 for --listen* and -addr* does not solve the problem!

I do not know what to do … Is it a bug in Docker? Or Ubuntu 23? Don’t know …


same problem same problem

Set up 2 VMs with Ubuntu 22.04, then updated to 23 and installed Docker via the convenience script.

sudo apt update && sudo apt upgrade -y
sudo nano /etc/update-manager/release-upgrades # Prompt=LTS -> Prompt=normal
sed -i 's/jammy/lunar/g' /etc/apt/sources.list
cat /etc/os-release

reboot

curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

docker swarm init --advertise-addr 1.2.3.4
# docker swarm join ...

wget https://raw.githubusercontent.com/bluepuma77/traefik-best-practice/main/docker-swarm-traefik/docker-compose.yml
docker stack deploy -c docker-compose.yml traefik

# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2060/docker-proxy
tcp        0      0 127.0.0.54:53           0.0.0.0:*               LISTEN      417/systemd-resolve
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2018/docker-proxy
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      417/systemd-resolve
tcp6       0      0 :::80                   :::*                    LISTEN      2071/docker-proxy
tcp6       0      0 :::22                   :::*                    LISTEN      1/init
tcp6       0      0 :::443                  :::*                    LISTEN      2032/docker-proxy

For me it works.

I may have finally found the culprit of the story: running Docker in … an LXC container in Proxmox!

It seems that Docker runs fine, but as soon as you use swarm, it seems to be completely broken!

The advice was to run Docker in a VM!

I will try this and return here to give my conclusion …

I installed a VM with the lightweight Linux distribution Alpine and installed Docker! Same problem, no binding on IPv4 …

I give up for now … swarm drives me crazy!

Have you tried with plain Ubuntu 22 in your infrastructure?

Bard says there might be relevant changes:

Yes, there are a few firewall changes in Ubuntu 23. The most notable change is that UFW is now enabled by default. This means that all incoming and outgoing traffic will be blocked by default, unless you explicitly allow it.

I did not try with Ubuntu 22 but with a much lighter Linux distribution, Alpine Linux (small footprint), in a VM: same problem with swarm … only binding on IPv6 … I will try with Ubuntu 22 as soon as I have free time …

I just installed Ubuntu 22 and the Docker packages from the Ubuntu repository, and same problem: only binding on IPv6 in swarm mode …

What’s your infrastructure around?

As stated above, I did fresh installs of Ubuntu 22/23 with updates and a fresh Swarm install on 2 Cloud-VMs and it worked.

I’m running a 3-node Proxmox cluster with Ceph storage.

Running Ubuntu 22 & 23 with AppArmor running …

I created a VM with Ubuntu 22 & 23, and installed Docker using the standard Ubuntu repository with the following command:

apt-get install docker.io docker-compose

After that, Docker is running in standalone mode and I can create a container using portainer/portainer-ce, for example …

Afterwards I launch the following command to be in swarm mode

docker swarm join init

This gives me a Docker node with a Leader/Manager.

Trying the following command

docker stack deploy --compose-file docker-compose.yml portainer-ce

This command creates the stack with a service

After that, if I run netstat -tapeu

This command only gives IPv6 connections for the exposed port!

Same thing for lsof -i -n

I will try again to install Docker without using the default Ubuntu repository, installing instead from the script offered by Docker

Please, format your posts according to the following guide: How to format your forum posts
In short: please, use </> button to share codes, terminal outputs, error messages or anything that can contain special characters which would be interpreted by the MarkDown filter. Use the preview feature to make sure your text is formatted as you would expect it and check your post after you have sent it so you can still fix it.

It can get you much more answers.

I have the same problem with Ubuntu 22.04 and 23.04, and I’ve found another post dated 2021 with the same problem but without a reply

Can you share that post? It might give someone a new idea.

Here: https://forums.docker.com/t/bug-docker-swarm-ports-available-on-ipv6-only/114990

Thank you. I still can’t answer, but the in this post:

It’s clear that Docker was not installed from the official repository provided by Docker. The proper installation way is in the documentation.

For ubuntu:

I finally had time to test Docker swarm again in a VM, using the helper script described in the documentation, on Debian 12 … get-docker.sh

After docker swarm join

I ran

docker stack deploy --compose-file docker-compose.yml portainer-ce

my docker compose-file is


version: "3"
services:
  portainer:
    image: portainer/portainer-ce:latest
    container_name : portainer-ce
    ports:
      - 9443:9443
    volumes:
        - ./persist/data:/data
        - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped

Container is not reachable!

netstat connections only give tcp6 for port 9443!

Docker VM is running on Proxmox !
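
A note on reading the netstat and lsof output in this thread, as an added example that is not part of any post: on Linux a socket bound to the IPv6 wildcard `::` also accepts IPv4 connections unless `IPV6_V6ONLY` is set (its default comes from `net.ipv6.bindv6only`), and netstat lists such a socket only as `tcp6`, so a tcp6-only row does not by itself show that IPv4 is not served. The script below flags such listeners in rows copied from the first post and, when run directly, demonstrates the behaviour on loopback; the function names are this example's own.

```python
import socket

# Constructed sample: listener rows copied from the netstat output in the first post.
NETSTAT = """\
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 0 3909998 403/master
tcp6 0 0 :::9444 :::* LISTEN 0 4342910 5347/dockerd
tcp6 0 0 ::1:25 :::* LISTEN 0 3909999 403/master
tcp6 0 0 :::22 :::* LISTEN 0 3909669 1/init
tcp6 0 0 :::2377 :::* LISTEN 0 4268329 5347/dockerd
"""

def wildcard_v6_only(netstat_text):
    """Ports listed only as tcp6 on the :: wildcard (dual-stack candidates)."""
    v4, v6_any = set(), set()
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) < 6 or cols[5] != "LISTEN":
            continue
        addr, _, port = cols[3].rpartition(":")
        if cols[0] == "tcp":                    # any IPv4 listener row
            v4.add(int(port))
        elif cols[0] == "tcp6" and addr == "::":
            v6_any.add(int(port))
    return sorted(v6_any - v4)

def bindv6only():
    """Kernel default for IPV6_V6ONLY ('0' = dual-stack), or None if unreadable."""
    try:
        with open("/proc/sys/net/ipv6/bindv6only") as fh:
            return fh.read().strip()
    except OSError:
        return None

def v4_reaches_v6_wildcard():
    """Listen on [::] with IPV6_V6ONLY off, connect over IPv4, return the peer seen."""
    with socket.socket(socket.AF_INET6, socket.SOCK_STREAM) as srv:
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
        srv.bind(("::", 0))                     # ephemeral port on the wildcard
        srv.listen(1)
        port = srv.getsockname()[1]
        with socket.create_connection(("127.0.0.1", port), timeout=2):
            conn, peer = srv.accept()
            conn.close()
    return peer[0]                              # IPv4-mapped form, ::ffff:a.b.c.d

if __name__ == "__main__":
    print("tcp6-only wildcard listeners:", wildcard_v6_only(NETSTAT))
    print("net.ipv6.bindv6only =", bindv6only())
    print("IPv4 client seen by the [::] listener as:", v4_reaches_v6_wildcard())
```

When auditing which ports a host exposes, treat each flagged port as reachable over IPv4 as well, and confirm reachability with a connection test from another host rather than from the address-family column alone.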