Docker Community Forums

Ucp-proxy connection issue


(Rkharya) #1

Hi,

I am facing an issue while installing the UCP beta on RHEL 7.2:

[root@docker-1 ~]# docker run --rm -it --name ucp -v /var/run/docker.sock:/var/run/docker.sock dockerorca/ucp install --fresh-install --old-kernel --swarm-port 2376 -i
INFO[0000] Verifying your system is compatible with UCP
WARN[0000] Your kernel is too old to support cross-host networking. Consider upgrading to 3.16.0 or newer
Please choose your initial Orca admin password:
Confirm your initial password:
INFO[0011] All required images are already available
We detected the following hostnames/IP addresses for this system [docker-1.cisco.com 127.0.0.1 172.17.0.1 10.104.252.183]

You may enter additional aliases (SANs) now or press enter to proceed with the above list.
Additional aliases:
INFO[0018] Installing UCP with host address 10.104.252.183 - If this is incorrect, please use the '--host-address' flag to specify a different address
WARN[0000] Your kernel is too old to support cross-host networking. Consider upgrading to 3.16.0 or newer
INFO[0003] Removing old UCP containers
INFO[0026] Generating Swarm Root CA
INFO[0054] Generating UCP Root CA
INFO[0060] Deploying UCP Containers
ERRO[0121] We were unable to communicate with proxy we just started at address 10.104.252.183. If this address is incorrect, re-run the install using the '--host-address' option. Run "docker logs ucp-proxy" for more details from the proxy
FATA[0121] Unable to connect to system

[root@docker-1 ~]# docker logs ucp-proxy
Listening on 2376
Using TLS

I do have the Docker environment configured as below:

[root@docker-1 ~]# systemctl show docker --property Environment
Environment=HTTP_PROXY=http://64.102.255.40:8080/ NO_PROXY=localhost,127.0.0.0/8,10.0.0.0/8,10.104.252.0/24,10.65.123.0/24,*.cisco.com

I saw a similar post on the same issue, which says that opening up some firewall port resolved their issue. But the details are missing.

Appreciate help on this.

Thanks,
~ Rajesh.


(Vivek Saraswat) #2

Hi Rajesh, I’ve opened up an issue with our development team on this. Will let you know when I hear back. In the meantime if you see any changes let me know; I am following the other topic as well.


(Rkharya) #3

Hi Vivek,

Can you please add me to #cisco-ucp-beta and let me know how to access it? Is it an IRC channel?

Thanks,
~ Rajesh.


(Joshmardistts) #4

I also get this bug on RancherOS with Docker 1.9.1-rc1.


(Adam2015) #5

I’m not sure if you are still having this issue, but I had the same error. Check your firewall logs (journalctl -u firewalld). If you see
ERROR: COMMAND FAILED: 'sbin/iptables -w2 …DOCKER… No chain/target match by that name.

then the problem is that you need to add the chain ‘DOCKER’ to iptables. I did it earlier this week so I don’t remember the exact process, but I did something like this:

  1. Edit the /etc/sysconfig/iptables-config/ file changing IPTABLES_SAVE_ON_STOP="yes" and IPTABLES_SAVE_ON_RESTART="yes"

  2. Create the chain ‘DOCKER’ in the ‘nat’ table and the ‘filter’ table. (iptables -N DOCKER -t [table])

  3. Check by running the commands that failed during the attempted install (iptables -w2 …etc)

You can keep following exactly what the problems are by re-running the install with --fresh-install -D at the end. The -D will show verbose output during the install and your iptables errors will show as they are happening.

Also, it might be helpful to use nmap to scan the ports from an external machine to make sure they are open. Hopefully this helps.
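
The check from steps 2 and 3 of the post above, as an added example that is not part of the original thread: it reads iptables-save output, reports which of the nat and filter tables lack a DOCKER chain, and prints (without running) the iptables -N commands that would create it. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: find tables with no DOCKER chain and print the fix commands.

# Reads iptables-save text on stdin; prints each of "nat" and "filter"
# that has no chain named exactly DOCKER.
tables_missing_docker() {
    awk '
        /^\*/       { table = substr($0, 2) }   # "*nat" opens a table section
        /^:DOCKER / { have[table] = 1 }         # ":DOCKER - [0:0]" declares the chain
        END {
            n = split("nat filter", want, " ")
            for (i = 1; i <= n; i++)
                if (!(want[i] in have)) print want[i]
        }'
}

# Turns the table names on stdin into the chain-creation commands from step 2.
fix_commands() {
    while read -r t; do
        if [ -n "$t" ]; then echo "iptables -N DOCKER -t $t"; fi
    done
}

# Constructed sample ruleset: nat has DOCKER, filter only has a
# similarly named chain, which must not count as a match.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:DOCKER-ISOLATION - [0:0]
COMMIT
EOF
}

# --live inspects the running ruleset (needs root); otherwise use the sample.
case "${1:-}" in
    --live) iptables-save | tables_missing_docker | fix_commands ;;
    *)      sample_ruleset | tables_missing_docker | fix_commands ;;
esac
```

Review the printed commands before running them; an empty result means both tables already have the chain.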