moby: worker does not see swarm networks

Description On worker is not available overlay networks. Test cases:

  1. created overlay network -> joined worker -> checked overlay network on worker;
  2. joined worker -> created overlay network ->checked overlay network on worker;

Steps to reproduce the issue:

  1. join worker
  2. create overlay network
  3. check overlay network on worker;

Describe the results you received:

  • on manager
ca-east-doc1 system # docker node ls
ID                            HOSTNAME                     STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
jbq7vn03c7wmrwwhfg0uv7zxt *   ca-east-doc1.phonebox.work   Ready               Active              Reachable           18.06.1-ce
miefdbsgg9j81dfxfjlaysg6c     ca-east-doc2.phonebox.work   Ready               Active              Leader              18.06.1-ce
a73ewp34001kcz1axmx610f9q     ca-east-doc3.phonebox.work   Ready               Active              Reachable           18.06.1-ce
zrstf6wvgyheffzawpmnvbhtg     us-west-sw1.phonebox.work    Ready               Active                                  18.06.1-ce
ca-east-doc1 system # docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
6c2c01201917        bridge              bridge              local
15895052b239        docker_gwbridge     bridge              local
aaaa843cb2b4        host                host                local
liwc39jqt5i0        ingress             overlay             swarm
wbkrzdop2alc        kazoo               overlay             swarm
a4e079430521        none                null                local
n6vnv0n5zjm5        test                overlay             swarm
  • on worker
us-west-sw1 ~ # docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
2b9c04fed29e        bridge              bridge              local
f5fc7fabe021        docker_gwbridge     bridge              local
2c5b90a85839        host                host                local
liwc39jqt5i0        ingress             overlay             swarm
233d1c75d64e        none                null                local
us-west-sw1 ~ #

Describe the results you expected: Overlay networks on worker must be same to manager.

Additional information you deem important (e.g. issue happens only occasionally):

Output of docker version:

us-west-sw1 ~ # docker version
Client:
 Version:           18.06.1-ce
 API version:       1.38
 Go version:        go1.10.4
 Git commit:        e68fc7a
 Built:             Tue Aug 21 17:16:31 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.1-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.4
  Git commit:       e68fc7a
  Built:            Tue Aug 21 17:16:31 2018
  OS/Arch:          linux/amd64
  Experimental:     false

Output of docker info:

us-west-sw1 ~ # docker info   
Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 0
Server Version: 18.06.1-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
 NodeID: zrstf6wvgyheffzawpmnvbhtg
 Is Manager: false
 Node Address: 192.168.0.16
 Manager Addresses:
  192.168.4.16:2377
  192.168.4.17:2377
  192.168.5.16:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: v0.13.2 (expected: fec3683b971d9c3ef73f284f176672c44b448662)
Security Options:
 seccomp
  Profile: default
 selinux
Kernel Version: 4.14.81-coreos
Operating System: Container Linux by CoreOS 1911.4.0 (Rhyolite)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.912GiB
Name: us-west-sw1.phonebox.work
ID: 6VUN:CLRJ:SSEQ:MJ7C:LATJ:GGGN:SABK:E2M5:GZHU:74QJ:RCSN:DTDS
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Additional environment details (AWS, VirtualBox, physical, etc.): use CoreOS on Amazon

us-west-sw1 ~ # cat /etc/os-release 
NAME="Container Linux by CoreOS"
ID=coreos
VERSION=1911.4.0
VERSION_ID=1911.4.0
BUILD_ID=2018-11-26-1924
PRETTY_NAME="Container Linux by CoreOS 1911.4.0 (Rhyolite)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"

About this issue

  • Original URL
  • State: open
  • Created 6 years ago
  • Comments: 20 (9 by maintainers)

Most upvoted comments

Something like this should work assuming you have an attachable network: docker service create --restart=on-failure --network=mynet --mount type=bind,source=/run/docker.sock,target=/run/docker.sock docker:18.09 docker run --net=myNet --cap-add SYS_ADMIN <img for iptables commands>

Anyway this is working as designed. Allowing the worker to request resources that it doesn’t need from the manager is istentionally forbidden.

+1
cpuguy83 on Dec 20, 2018
Read more comments on GitHub
← moby: WORKDIR causes docker build to not use cache
moby: write unix /var/run/docker.sock->@: write: broken pipe →