I am trying to deploy a Swarm manually in EC2 using Consul as the keystore.
Here is my Consul startup:
sudo docker daemon -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock &
sudo docker -H tcp://54.218.52.98:2375 run -d -p 8500:8500 -h consul progrium/consul -server -bootstrap
I am using the following to start a docker daemon on the Swarm master. I am running in EC2 with Ubuntu 15.04.
Any help would be appreciated.
sudo docker daemon --cluster-store=consul:///54.218.52.98:8500 --cluster-advertise=eth0:2375 -H tcp://0.0.0.0:2375 -H unix:///var/run/docker.sock &
I am getting the following error on startup of the master daemon:
ubuntu#ip-172-31-12-164:~$ WARN[0000] /!\ DON'T BIND ON ANY IP ADDRESS WITHOUT setting -tlsverify IF YOU DON'T KNOW WHAT YOU'RE DOING /!\
INFO[0000] [graphdriver] using prior storage driver "aufs"
INFO[0000] Initializing discovery without TLS
INFO[0000] API listen on [::]:2375
INFO[0000] API listen on /var/run/docker.sock
ERRO[0000] discovery error: Unexpected watch error
ERRO[0000] Registering as "172.31.12.164:2375" in discovery failed: cannot set or renew session for ttl, unable to operate on sessions
INFO[0000] Firewalld running: false
INFO[0000] Default bridge (docker0) is assigned with an IP address 172.17.0.1/16. Daemon option --bip can be used to set a preferred IP address
WARN[0000] Your kernel does not support swap memory limit.
INFO[0000] Loading containers: start.
..
INFO[0000] Loading containers: done.
INFO[0000] Daemon has completed initialization
INFO[0000] Docker daemon commit=a34a1d5 execdriver=native-0.2 graphdriver=aufs version=1.9.1
Is you check on aws ifconfig you will notice your external IP is not linked directly to eth interface.
I would suggest to --cluster-store consul://127.0.0.1:8500
Related
I want to have a container that can access and run kubectl command on my host machine. Here is what I have:
I have installed Kubernetes and Minikube on my host machine.
I used this docker container: helm-kubectl link
This is the command I run my docker:
docker run -it -v ~/.kube:/root/.kube -v ~/.minikube:/Users/xxxx/.minikube dtzar/helm-kubectl
Inside the container, when I checked the cluster, I can see the context has loaded my minikube, However, I can't run another kubectl command due to the reason "The connection to the server 127.0.0.1:32768 was refused - did you specify the right host or port?".
bash-5.0# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
docker-desktop docker-desktop docker-desktop
docker-for-desktop docker-desktop docker-desktop
* minikube minikube minikube
bash-5.0# kubectl get all
The connection to the server 127.0.0.1:32768 was refused - did you specify the right host or port?
I have checked my Kubenetes config at ~/.kube and the port is 32768.
- cluster:
certificate-authority: /Users/xxx/.minikube/ca.crt
server: https://127.0.0.1:32768
name: minikube
I have tried port -p 32768 or --expose 32768 but no luck. So anyone can help this?
Thanks zerkms! It works with --network host
I am using windows10, redis-64bit, I started a redis container with command:
docker run --name myredis -d redis redis-server --appendonly yes
when I try to connect to this container using:
redis-cli -h 192.168.99.1 -p 6379
it shows:
Could not connect to Redis at 192.168.99.1:6379: Unknown error
here, 192.168.99.1 is my virtual machine ip address, anyone know how to solve this issue, thanks!
To connect to a redis container from a remote server you should do the following:
Start redis container on host (192.168.99.1):
docker run --name myredis -p 7000:6379 -d redis redis-server
Connect via remote server:
redis-cli -h 192.168.99.1 -p 7000
I'm trying to setup Kubernetes cluster with multi master and external etcd cluster. Followed these steps as described in kubernetes.io. I was able to create static manifest pod files in all the 3 hosts at /etc/kubernetes/manifests folder after executing Step 7.
After that when I executed command 'sudo kubeadmin init', the initialization got failed because of kubelet errors. Also verified journalctl logs, the error says misconfiguration of cgroup driver which is similar to this SO link.
I tried as said in the above SO link but not able to resolve.
Please help me in resolving this issue.
For installation of docker, kubeadm, kubectl and kubelet, I followed kubernetes.io site only.
Environment:
Cloud: AWS
EC2 instance OS: Ubuntu 18.04
Docker version: 18.09.7
Thanks
After searching few links and doing few trails, I am able to resolve this issue.
As given in the Container runtime setup, the Docker cgroup driver is systemd. But default cgroup driver of Kubelet is cgroupfs. So as Kubelet alone cannot identify cgroup driver automatically (as given in kubernetes.io docs), we have to provide cgroup-driver externally while running Kubelet like below:
cat << EOF > /etc/systemd/system/kubelet.service.d/20-etcd-service-manager.conf
[Service]
ExecStart=
ExecStart=/usr/bin/kubelet --cgroup-driver=systemd --address=127.0.0.1 --pod->manifest-path=/etc/kubernetes/manifests
Restart=always
EOF
systemctl daemon-reload
systemctl restart kubelet
Moreover, no need to run sudo kubeadm init, as we are providing --pod-manifest-path to Kubelet, it runs etcd as Static POD.
For debugging, logs of Kubelet can be checked using below command
journalctl -u kubelet -r
Hope it helps. Thanks.
Mac running Docker Version 17.12.0-ce-mac55 (23011) here.
I have a very bizarre situation with Docker that I absolutely cannot explain!
I have a Dockerized web service that runs perfectly fine outside of Docker, running off of port 9200 (so: http://localhost:9200)
I can also run several other images locally (nginx, Oracle DB) and I can access them via localhost:80 and localhost:1521 respectively
When I run the container for my Dockerized service, I see (via docker logs <containerId>) the service startup without any errors whatsoever
Despite the fact that the container is running without any errors, I absolutely cannot connect to it from my Mac host via localhost:9200
The exact steps to reproduce are:
Clone this repo
Build the image via ./gradlew clean build && docker build -t locationservice .
Run the container via docker run -it -p 9200:9200 -d --net="host" --name locationservice locationservice
If you use docker ps to obtain the <containerId>, then you can keep hitting docker logs <containerId> until you see it has started up without errors
On my machine, when I try to curl against localhost:9200, I get "connection refused" errors (see below)
curl error is:
curl -X GET http://localhost:9200/bupo
curl: (7) Failed to connect to localhost port 9200: Connection refused
Some things I have ruled out:
localhost is absolutely resolveable from the host because we're running in host network mode and I have no problem connecting to nginx (port 80) and Oracle (port 1521) containers
The app is starting up and if you look at the logs you'll see it is starting up listening on 9200
Any ideas what the problem could be?!
Docker for Mac runs in a VM. --net=host refers to the Linux VM hosts network stack not OSX. There is no direct network path from OSX to the Docker VM other than mapped ports.
Mapped ports (docker run -p Y:N) in Docker for Mac are a little special, in addition to the user space proxy that runs on the Docker host normally, Docker for Mac also launches a user space proxy on OSX to listen on the same port and forward connections into the VM. The OSX process isn't started when using --net=host (and the Linux one isn't either of course).
→ docker run --name nc --rm --net=host -dp 9200:9200 busybox nc -lk -p 9201 -e echo hey
→ docker inspect nc --format '{{ json .NetworkSettings.Ports }}'
{}
→ sudo lsof -Pni | grep 9200
→
Then without --net=host
→ docker run --name nc --rm -dp 9200:9200 busybox nc -lk -p 9201 -e echo hey
→ docker inspect nc --format '{{ json .NetworkSettings.Ports }}'
{"9200/tcp":[{"HostIp":"0.0.0.0","HostPort":"9200"}]}
→ sudo lsof -Pni | grep 9200
vpnkit 42658 matt 28u IPv4 0x57f79853269b81bf 0t0 TCP *:9200 (LISTEN)
vpnkit 42658 matt 29u IPv6 0x57f798532765ca9f 0t0 TCP [::1]:9200 (LISTEN)
If your app requires --net=host then I would use Vagrant/Virtualbox to spin up a VM with a "Host Only" adapter. This means there is a direct network path that you can access from OSX on the VM. Here's the Vagrantfile I use.
Docker for Mac does not support host network mode very well: https://github.com/docker/for-mac/issues/1031
So at this moment the solution is to use default bridge mode.
I have a problem similar to How to access externally to consul UI but I can't get the combinations of network options to work right.
I'm on OSX using Docker for Mac, not the old docker-machine stuff, and the official consul docker image, not the progrium/docker image.
I can start up a 3-node server cluster fine using
docker run -d --name node1 -h node1 consul agent -server -bootstrap-expect 3
JOIN_IP="$(docker inspect -f '{{.NetworkSettings.IPAddress}}' node1)"
docker run -d --name node2 -h node2 consul agent -server -join $JOIN_IP
docker run -d --name node3 -h node3 consul agent -server -join $JOIN_IP
So far so good, they're connected to each other and working fine. Now I want to start an agent, and view the UI via it.
I tried a bunch of combinations of -client and -bind, which seem to be the key to all of this. Using
docker run -d -p 8500:8500 --name node4 -h node4 consul agent -join $JOIN_IP -ui -client=0.0.0.0 -bind=127.0.0.1
I can get the UI via http://localhost:8500/ui/, and consul members shows all the nodes:
docker exec -t node4 consul members
Node Address Status Type Build Protocol DC
node1 172.17.0.2:8301 alive server 0.7.1 2 dc1
node2 172.17.0.3:8301 alive server 0.7.1 2 dc1
node3 172.17.0.4:8301 alive server 0.7.1 2 dc1
node4 127.0.0.1:8301 alive client 0.7.1 2 dc1
But all is not well; in the UI it tells me node4 is "Agent not live or unreachable" and in its logs there's a whole bunch of
2016/12/19 18:18:13 [ERR] memberlist: Failed to send ping: write udp 127.0.0.1:8301->172.17.0.4:8301: sendto: invalid argument
I've tried a bunch of other combinations - --net=host just borks things up on OSX.
If I try -bind=my box's external IP it won't start,
Error starting agent: Failed to start Consul client: Failed to start lan serf: Failed to create memberlist: Failed to start TCP listener. Err: listen tcp 192.168.1.5:8301: bind: cannot assign requested address
I also tried mapping all the other ports including the udp ports (-p 8500:8500 -p 8600:8600 -p 8400:8400 -p 8300-8302:8300-8302 -p 8600:8600/udp -p 8301-8302:8301-8302/udp) but that didn't change anything.
How can I join a node up to this cluster and view the UI?
Try using the 0.7.2 release of Consul and start the agent using the following (beta as of 0.7.2, final by 0.8.0) syntax:
$ docker run -d -p 8500:8500 --name node4 -h node4 consul agent -join $JOIN_IP -ui -client=0.0.0.0 -bind='{{ GetPrivateIP }}'
The change being the argument to -bind where Consul will now render out the IP address of a private IP address. The other template parameters are documented in the hashicorp/go-sockaddr.