Docker Community Forums

Share and learn in the Docker community.

UCP installation issues with firewall settings

docker

(Rkharya) #1

UCP installation failures seen on RHEL7.2 on bare metal nodes. Below is the debug output -

[cluster-admin@Docker-1 ~]$ docker run --rm -it --name ucp -v /var/run/docker.sock:/var/run/docker.sock docker/ucp install -i --host-address 10.65.122.80 --fresh-install
INFO[0000] Verifying your system is compatible with UCP
INFO[0000] Your engine version 1.12.0, build 8eab29e (3.10.0-327.28.2.el7.x86_64) is compatible
WARN[0000] Your system uses devicemapper. We can not accurately detect available storage space. Please make sure you have at least 3.00 GB available in /var/lib/docker
Please choose your initial UCP admin password:
Confirm your initial password:
INFO[0009] All required images are present
We detected the following hostnames/IP addresses for this system [Docker-1.cisco.com 127.0.0.1 172.17.0.1 10.65.122.80]

You may enter additional aliases (SANs) now or press enter to proceed with the above list.
Additional aliases:
INFO[0010] Installing UCP with host address 10.65.122.80 - If this is incorrect, please specify an alternative address with the ‘–host-address’ flag
INFO[0000] Checking that required ports are available and accessible
FATA[0039] The following required ports are blocked on your host: 443, 2376, 12382, 12386, 12383, 12379, 12380, 12376, 12381, 12385, 12384. Check your firewall settings.
[cluster-admin@Docker-1 ~]$ docker run --rm -it --name ucp -v /var/run/docker.sock:/var/run/docker.sock docker/ucp install -i --host-address 10.65.122.80 --fresh-install --debug
DEBU[0000] New UCP Instance ID will be "SM7Y:JXNS:6CXS:H6GV:TLLK:RQEA:WRPQ:ZEGL:AUDK:ZLI5:EJOZ:XIQF"
INFO[0000] Verifying your system is compatible with UCP
DEBU[0000] Verifying docker.sock
DEBU[0000] Connecting to docker unix:///var/run/docker.sock
DEBU[0000] Checking for compatible kernel version
DEBU[0000] Kernel version 3.10.0-327.28.2.el7.x86_64 is compatible
DEBU[0000] Checking for compatible engine version
INFO[0000] Your engine version 1.12.0, build 8eab29e (3.10.0-327.28.2.el7.x86_64) is compatible
DEBU[0000] Looking for container ucp-phase2
DEBU[0000] Container ucp-phase2 not found: Error: No such container: ucp-phase2
DEBU[0000] Looking for container ucp
DEBU[0000] Looking for container ucp-controller
DEBU[0000] Container ucp-controller not found: Error: No such container: ucp-controller
DEBU[0000] Looking for container ucp-swarm-manager
DEBU[0000] Container ucp-swarm-manager not found: Error: No such container: ucp-swarm-manager
DEBU[0000] Looking for container ucp-swarm-join
DEBU[0000] Container ucp-swarm-join not found: Error: No such container: ucp-swarm-join
DEBU[0000] Looking for container ucp-kv
DEBU[0000] Container ucp-kv not found: Error: No such container: ucp-kv
DEBU[0000] Looking for container ucp-proxy
DEBU[0000] Container ucp-proxy not found: Error: No such container: ucp-proxy
DEBU[0000] Looking for container ucp-client-root-ca
DEBU[0000] Container ucp-client-root-ca not found: Error: No such container: ucp-client-root-ca
DEBU[0000] Looking for container ucp-cluster-root-ca
DEBU[0000] Container ucp-cluster-root-ca not found: Error: No such container: ucp-cluster-root-ca
DEBU[0000] Looking for container ucp-auth-store
DEBU[0000] Container ucp-auth-store not found: Error: No such container: ucp-auth-store
DEBU[0000] Looking for container ucp-auth-api
DEBU[0000] Container ucp-auth-api not found: Error: No such container: ucp-auth-api
DEBU[0000] Looking for container ucp-auth-worker
DEBU[0000] Container ucp-auth-worker not found: Error: No such container: ucp-auth-worker
DEBU[0000] Looking for container ucp-auth-sync-db
DEBU[0000] Container ucp-auth-sync-db not found: Error: No such container: ucp-auth-sync-db
DEBU[0000] Looking for container ucp-auth-create-admin
DEBU[0000] Container ucp-auth-create-admin not found: Error: No such container: ucp-auth-create-admin
DEBU[0000] Looking for container ucp-auth-drain-db-server
DEBU[0000] Container ucp-auth-drain-db-server not found: Error: No such container: ucp-auth-drain-db-server
DEBU[0000] Looking for container ucp-kv-backup
DEBU[0000] Container ucp-kv-backup not found: Error: No such container: ucp-kv-backup
DEBU[0000] Looking for container ucp-kv-restore
DEBU[0000] Container ucp-kv-restore not found: Error: No such container: ucp-kv-restore
DEBU[0000] Validating base system meets minimum requirements
DEBU[0000] Your system meets minimum memory requirements: 125.50 GB >= 2.00 GB
WARN[0000] Your system uses devicemapper. We can not accurately detect available storage space. Please make sure you have at least 3.00 GB available in /var/lib/docker
Please choose your initial UCP admin password:
Confirm your initial password:
DEBU[0009] Checking for images
INFO[0009] All required images are present
DEBU[0009] Local Name: Docker-1.cisco.com
DEBU[0009] Host Address: 10.65.122.80
We detected the following hostnames/IP addresses for this system [Docker-1.cisco.com 127.0.0.1 172.17.0.1 10.65.122.80]

You may enter additional aliases (SANs) now or press enter to proceed with the above list.
Additional aliases:
DEBU[0010] User entered:

DEBU[0010] Hostnames: [Docker-1.cisco.com 127.0.0.1 172.17.0.1 10.65.122.80]
INFO[0010] Installing UCP with host address 10.65.122.80 - If this is incorrect, please specify an alternative address with the ‘–host-address’ flag
DEBU[0010] Re-using existing volume ucp-client-root-ca
DEBU[0010] Re-using existing volume ucp-cluster-root-ca
DEBU[0010] Re-using existing volume ucp-controller-server-certs
DEBU[0010] Re-using existing volume ucp-node-certs
DEBU[0011] Launching phase 2 with: [install -i --host-address 10.65.122.80 --fresh-install --debug] (6ef507dcea91f909a44625c2925ae279ccfaf82be3e692272659302344d8bb74)
DEBU[0000] Beginning phase 2 install for instance SM7Y:JXNS:6CXS:H6GV:TLLK:RQEA:WRPQ:ZEGL:AUDK:ZLI5:EJOZ:XIQF
DEBU[0000] Verifying docker.sock
DEBU[0000] Connecting to docker unix:///var/run/docker.sock
DEBU[0000] Checking for compatible kernel version
DEBU[0000] Kernel version 3.10.0-327.28.2.el7.x86_64 is compatible
DEBU[0000] Checking for compatible engine version
DEBU[0000] Looking for container ucp-phase2
DEBU[0000] Looking for container ucp-controller
DEBU[0000] Container ucp-controller not found: Error: No such container: ucp-controller
DEBU[0000] Looking for container ucp-swarm-manager
DEBU[0000] Container ucp-swarm-manager not found: Error: No such container: ucp-swarm-manager
DEBU[0000] Looking for container ucp-swarm-join
DEBU[0000] Container ucp-swarm-join not found: Error: No such container: ucp-swarm-join
DEBU[0000] Looking for container ucp-kv
DEBU[0000] Container ucp-kv not found: Error: No such container: ucp-kv
DEBU[0000] Looking for container ucp-proxy
DEBU[0000] Container ucp-proxy not found: Error: No such container: ucp-proxy
DEBU[0000] Looking for container ucp-client-root-ca
DEBU[0000] Container ucp-client-root-ca not found: Error: No such container: ucp-client-root-ca
DEBU[0000] Looking for container ucp-cluster-root-ca
DEBU[0000] Container ucp-cluster-root-ca not found: Error: No such container: ucp-cluster-root-ca
DEBU[0000] Looking for container ucp-auth-store
DEBU[0000] Container ucp-auth-store not found: Error: No such container: ucp-auth-store
DEBU[0000] Looking for container ucp-auth-api
DEBU[0000] Container ucp-auth-api not found: Error: No such container: ucp-auth-api
DEBU[0000] Looking for container ucp-auth-worker
DEBU[0000] Container ucp-auth-worker not found: Error: No such container: ucp-auth-worker
DEBU[0000] Looking for container ucp-auth-sync-db
DEBU[0000] Container ucp-auth-sync-db not found: Error: No such container: ucp-auth-sync-db
DEBU[0000] Looking for container ucp-auth-create-admin
DEBU[0000] Container ucp-auth-create-admin not found: Error: No such container: ucp-auth-create-admin
DEBU[0000] Looking for container ucp-auth-drain-db-server
DEBU[0000] Container ucp-auth-drain-db-server not found: Error: No such container: ucp-auth-drain-db-server
DEBU[0000] Looking for container ucp-kv-backup
DEBU[0000] Container ucp-kv-backup not found: Error: No such container: ucp-kv-backup
DEBU[0000] Looking for container ucp-kv-restore
DEBU[0000] Container ucp-kv-restore not found: Error: No such container: ucp-kv-restore
DEBU[0000] Local Name: Docker-1.cisco.com
DEBU[0000] Host Address: 10.65.122.80
DEBU[0000] Hostnames: [Docker-1.cisco.com 127.0.0.1 172.17.0.1 10.65.122.80]
INFO[0000] Checking that required ports are available and accessible
DEBU[0000] Checking for available and accessible port 12386
DEBU[0000] Checking for available and accessible port 2376
DEBU[0000] Checking for available and accessible port 443
DEBU[0000] Checking for available and accessible port 12382
DEBU[0000] Checking for available and accessible port 12379
DEBU[0000] Checking for available and accessible port 12383
DEBU[0000] Checking for available and accessible port 12384
DEBU[0000] Checking for available and accessible port 12376
DEBU[0000] Checking for available and accessible port 12381
DEBU[0000] Checking for available and accessible port 12385
DEBU[0000] Checking for available and accessible port 12380
DEBU[0001] Checking for liveness of http://10.65.122.80:12376/
DEBU[0002] Checking for liveness of !http://10.65.122.80:12379/ <<< ‘!’ has been added here to avoid error in posting as it allows only 2 links per post for new users >>>
DEBU[0002] Checking for liveness of !http://10.65.122.80:12380/
DEBU[0003] Checking for liveness of !http://10.65.122.80:12384/
DEBU[0004] Checking for liveness of !http://10.65.122.80:443/
DEBU[0005] Checking for liveness of !http://10.65.122.80:2376/
DEBU[0005] Checking for liveness of !http://10.65.122.80:12381/
DEBU[0006] Checking for liveness of !http://10.65.122.80:12386/
DEBU[0007] Checking for liveness of !http://10.65.122.80:12382/
DEBU[0008] Checking for liveness of !http://10.65.122.80:12385/
DEBU[0008] Checking for liveness of !http://10.65.122.80:12383/
FATA[0040] The following required ports are blocked on your host: 12376, 12379, 12384, 12380, 443, 2376, 12386, 12381, 12382, 12385, 12383. Check your firewall settings.

Here is my firewall settings, which shows listed ports are opened -

[cluster-admin@Docker-1 ~]$ sudo firewall-cmd --permanent --zone=public --list-all
public (default)
interfaces:
sources:
services: dhcpv6-client ssh
ports: 2379/tcp 443/tcp 4789/udp 12379/tcp 12381/tcp 7946/udp 12380/tcp 7946/tcp 12385/tcp 2376/tcp 2375/tcp 12386/tcp 12383/tcp 12384/tcp 12382/tcp 2380/tcp 12376/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

[cluster-admin@Docker-1 ~]$ docker --version
Docker version 1.12.0, build 8eab29e

Appreciate help in this fixing this.
Selinux was disabled, but that did not helped either.


(Peps) #2

Same issue for me: are you running UCP behind a proxy?
I’ve solved by adding -e no_proxy=<UCP_CONTROLLER_IP> to the docker run command.
Alternatively, you can also use the --env-file oprion and put all the proxy environment variable there.