Docker Community Forums

Share and learn in the Docker community.

Question about ucp-interlock-proxy

We have a swarm that was behind a malfunctioning firewall and would not allow access to the internet so we weren’t able to pull images from any repos. We initially thought the issue was with the Swarm since everything in the firewall config looked right. So, we went through and drained/paused and rebooted all Manager and Worker nodes. However, once the swarm came back up, Layer 7 would no longer deploy. In UCP, it looked enabled. When I would uncheck the box to try and disable and then enable again, it would say 'ucp-interlock-service not found."

Eventually we got the firewall issue resolved and once the swarm was able to get to the repos, Layer 7 deployed fine and I saw a container for ucp-interlock-proxy spin up and everything was resolved. My guess is that because the swarm couldn’t pull an image for the interlock-proxy service, it couldn’t deploy it. I’m hoping someone can give me the nitty gritty of what actually happens behind the scenes when Layer 7 is deployed and confirm/deny whether my theory is plausible. Thanks in advance for any help.

Your assumption is correct. If the image is not available in the local cache and can not be pulled from the internet, there is no way to create a container from it.

UCP consists of many bits and pieces. The interlock image is just one piece of many and it could have happend with any of the other required images as well. Of course an image must be present before a container can be created based on it. Though, Docker provides an offline-installer for airgap environments. It includes all required Image to run a specific ucp version (there is also one for dtr).