moby: worker does not see swarm networks
Description
Overlay networks are not available on the worker. Test cases:
- created overlay network -> joined worker -> checked overlay network on worker;
- joined worker -> created overlay network -> checked overlay network on worker;
Steps to reproduce the issue:
- join worker
- create overlay network
- check overlay network on worker;
Describe the results you received:
- on manager
ca-east-doc1 system # docker node ls
ID                          HOSTNAME                     STATUS  AVAILABILITY  MANAGER STATUS  ENGINE VERSION
jbq7vn03c7wmrwwhfg0uv7zxt * ca-east-doc1.phonebox.work   Ready   Active        Reachable       18.06.1-ce
miefdbsgg9j81dfxfjlaysg6c   ca-east-doc2.phonebox.work   Ready   Active        Leader          18.06.1-ce
a73ewp34001kcz1axmx610f9q   ca-east-doc3.phonebox.work   Ready   Active        Reachable       18.06.1-ce
zrstf6wvgyheffzawpmnvbhtg   us-west-sw1.phonebox.work    Ready   Active                        18.06.1-ce
ca-east-doc1 system # docker network ls
NETWORK ID NAME DRIVER SCOPE
6c2c01201917 bridge bridge local
15895052b239 docker_gwbridge bridge local
aaaa843cb2b4 host host local
liwc39jqt5i0 ingress overlay swarm
wbkrzdop2alc kazoo overlay swarm
a4e079430521 none null local
n6vnv0n5zjm5 test overlay swarm
- on worker
us-west-sw1 ~ # docker network ls
NETWORK ID NAME DRIVER SCOPE
2b9c04fed29e bridge bridge local
f5fc7fabe021 docker_gwbridge bridge local
2c5b90a85839 host host local
liwc39jqt5i0 ingress overlay swarm
233d1c75d64e none null local
us-west-sw1 ~ #
Describe the results you expected: Overlay networks on the worker must be the same as on the manager.
Additional information you deem important (e.g. issue happens only occasionally):
Output of docker version:
us-west-sw1 ~ # docker version
Client:
Version: 18.06.1-ce
API version: 1.38
Go version: go1.10.4
Git commit: e68fc7a
Built: Tue Aug 21 17:16:31 2018
OS/Arch: linux/amd64
Experimental: false
Server:
Engine:
Version: 18.06.1-ce
API version: 1.38 (minimum version 1.12)
Go version: go1.10.4
Git commit: e68fc7a
Built: Tue Aug 21 17:16:31 2018
OS/Arch: linux/amd64
Experimental: false
Output of docker info:
us-west-sw1 ~ # docker info
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 18.06.1-ce
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
Volume: local
Network: bridge host macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
NodeID: zrstf6wvgyheffzawpmnvbhtg
Is Manager: false
Node Address: 192.168.0.16
Manager Addresses:
192.168.4.16:2377
192.168.4.17:2377
192.168.5.16:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 468a545b9edcd5932818eb9de8e72413e616e86e
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: v0.13.2 (expected: fec3683b971d9c3ef73f284f176672c44b448662)
Security Options:
seccomp
Profile: default
selinux
Kernel Version: 4.14.81-coreos
Operating System: Container Linux by CoreOS 1911.4.0 (Rhyolite)
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.912GiB
Name: us-west-sw1.phonebox.work
ID: 6VUN:CLRJ:SSEQ:MJ7C:LATJ:GGGN:SABK:E2M5:GZHU:74QJ:RCSN:DTDS
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false
Additional environment details (AWS, VirtualBox, physical, etc.): use CoreOS on Amazon
us-west-sw1 ~ # cat /etc/os-release
NAME="Container Linux by CoreOS"
ID=coreos
VERSION=1911.4.0
VERSION_ID=1911.4.0
BUILD_ID=2018-11-26-1924
PRETTY_NAME="Container Linux by CoreOS 1911.4.0 (Rhyolite)"
ANSI_COLOR="38;5;75"
HOME_URL="https://coreos.com/"
BUG_REPORT_URL="https://issues.coreos.com"
COREOS_BOARD="amd64-usr"
About this issue
- State: open
- Created 6 years ago
- Comments: 20 (9 by maintainers)
Something like this should work assuming you have an attachable network:
docker service create --restart-condition=on-failure --network=mynet --mount type=bind,source=/run/docker.sock,target=/run/docker.sock docker:18.09 docker run --net=mynet --cap-add SYS_ADMIN <img for iptables commands>
Anyway this is working as designed. Allowing the worker to request resources that it doesn’t need from the manager is intentionally forbidden.
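To see the behaviour described in the comment above, this added example (not part of the original thread) lists the swarm-scoped networks a manager knows about that a worker has not been given. The sample listings are the `docker network ls` outputs from the issue; the function names `swarm_networks` and `missing_on_worker` are assumptions of this example.

```shell
#!/bin/sh
# Added example. Sample input: `docker network ls` output from the issue above.
manager_ls='NETWORK ID NAME DRIVER SCOPE
6c2c01201917 bridge bridge local
15895052b239 docker_gwbridge bridge local
aaaa843cb2b4 host host local
liwc39jqt5i0 ingress overlay swarm
wbkrzdop2alc kazoo overlay swarm
a4e079430521 none null local
n6vnv0n5zjm5 test overlay swarm'

worker_ls='NETWORK ID NAME DRIVER SCOPE
2b9c04fed29e bridge bridge local
f5fc7fabe021 docker_gwbridge bridge local
2c5b90a85839 host host local
liwc39jqt5i0 ingress overlay swarm
233d1c75d64e none null local'

# Read a `docker network ls` listing on stdin and print the names of the
# swarm-scoped networks, sorted. The header row is skipped; SCOPE is the
# last column and NAME the second.
swarm_networks() {
  awk 'NR > 1 && $NF == "swarm" { print $2 }' | sort
}

# $1 = manager listing, $2 = worker listing.
# Print swarm-scoped networks the manager has that the worker has not received.
missing_on_worker() {
  worker_names=$(printf '%s\n' "$2" | swarm_networks)
  printf '%s\n' "$1" | swarm_networks | while read -r name; do
    printf '%s\n' "$worker_names" | grep -Fxq -- "$name" || printf '%s\n' "$name"
  done
}

# On live nodes, capture each listing with: docker network ls
missing_on_worker "$manager_ls" "$worker_ls"
```

On the sample data it prints `kazoo` and `test`, the two networks the reporter expected to see on the worker.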