-
Notifications
You must be signed in to change notification settings - Fork 18.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Docker swarm mode - published ports are not exposed #26817
Comments
This is expected; port publishing for services works different than for "regular" containers; When creating a service, ports of the containers backing the service are themselves not published directly, but go through the built-in load balancing for Swarm mode. Inspecting individual containers, therefore doesn't show published ports, but inspecting the service will show the ports that are published;
Also see https://docs.docker.com/engine/swarm/ingress/#/publish-a-port-for-a-service Note that docker-compose does not support creating services in Swarm mode |
I'll close this issue, because this works as expected, but feel free to continue the discussion |
I think that there's enough inconsistency here that this is still a bug. Probably my issue title goes too far in assuming the solution, what if we called it 'swarm mode needs an option to expose container ports'. Lets take this step by step, let me know if one of these has a bad assumption:
Hopefully that makes sense why the export omission is a pain. If your with me that this is an issue, what could be done for this issue?
I believe References
Here's the example I was using locally to show this, a basic web service showing what happens if no port is exposed. Dockerfile:
output showing repeated restarts:
Adding |
What issue are you running into with your example Dockerfile? If I do;
That looks to work; |
Thanks for trying the repro - looks my mistake when setting that up this morning. Running again after rmi and rebuild, the node service is coming up as expected in swarm mode. I never saw an error from Since service create connectivity is working, that greatly reduces the scope of this problem. Still broken is the consumer in my setup of the exposed port information - registrator. In theory, services that rely on the exposed port (or introspection detail, as you say) would be similarly affected. Also, I see that I chose the wrong filter in the inspect command originally, which may be leading to some of the confusion here. What I meant was:
This command shows exposed ports when a service exposes them, or when additional ports are exposed at start time by And to reiterate - since |
@JettJones I don't think there's a need to create variations of your image, as registrator allows you to set overrides through labels or env-vars; http://gliderlabs.com/registrator/latest/user/services/#container-overrides, so if you need information about the individual containers, use |
From the registrator docs:
So I don't believe the I tried the following variations:
To which registrator replied:
Maybe I'm misunderstanding your suggestion though. |
I looked into registrator some more, and found a bug from 2014 requesting the feature ( Docker instances without ports ). That further convinces me that registrator does not support registering instances that do not have ports exposed. |
I am facing similar problem with docker 1.13.1,
the ports don't get published, but when I use docker run
The ports are published as expected. |
@vetional with "the ports don't get published", do you mean they don't show up if you look at See #26817 (comment) |
@thaJeztah yeah you have got it right but I also can't connect to the exposed ports |
Same issue here, I believe. Swarm mode. Docker version: Docker version 17.06.2-ce, build cec0b72 @vetional how are you trying to connect to the service? What I noticed if I do `wget localhost:8080' on my host machine (i.e. Swarm manager) where I deployed a service publishing port 8080 to 8080 - it doesn't work. It stuck on "Connected... Request sent... Awaiting response". When I do `wget 127.0.0.1:8080' it works. Maybe it's related. |
@thaJeztah I wonder is this still issue, or I am misunderstanding somewhere? |
If |
@svscorp in my case I was deploying a spark cluster, I wasn't using localhost or 127.0.0.1 I was using the public ip of the master. None of worker nodes could reach the master. This used to work in the 0.12.x versions but stopped working on later versions. |
@vetional is the service attached to a custom network? Early versions of docker with swarm mode allowed communication between services over the "ingress" network; this was an oversight as it breaks the "sandboxing" of services; this was later changed, so that services can only communicate with each other when attached to the same custom network. |
@thaJeztah as I recall the service wasn't attached to a custom network. |
That could explain what you're seeing |
Is there any example assign publish service in docker-compose.yml ??? I'd like to use |
Yeah, I would be interested in using Registrator together with Docker swarm mode as well. Does anybody have a working solution for that? Maybe there are alternatives to Registrator that I'm not aware of? |
@thaJeztah
but i still cannot find the exposed port when i use 'netstat -ant | grep port', neither can i curl localhost:port. |
@ilovemath if you suspect there's a bug, please open a new issue instead, and provide the information that's requested in the issue template |
I am facing similar problem, cant't find the listent port use 'netstat -nlt', then i restart the docker daemon and create service again. it works.......... |
I also experience this with a Docker swarm mode enabled host running "regular" containers. Sometimes after restarting/recreating the containers the published port doesn't get mapped properly. I usually have to resort to rebooting as restarting the docker daemon doesn't seem to help. |
I solved it using an earlier version of "boot2docker". Apparently version 18.09 has problems. docker-machine create -d hyperv --hyperv-virtual-switch "myswitch" --hyperv-boot2docker-url=https://github.com/boot2docker/boot2docker/releases/down I have tested this solution with virtualbox driver (in mac) and with hyper-v (obviously windows) |
I can confirm this as well.. using 18.09 on Docker for Mac I couldn't connect to the services using the published ports. When I downgraded the swarm to use 18.05 it all works as expected. |
If your using boot2docker, this is likely due to boot2docker/boot2docker#1349 |
@thaJeztah, why would IPv6 versus IPv4 matter? Using
If I start a container via
|
Port redirection not working with docker swarm |
I was struggling with this as well. As soon as I commented out the following line from my /etc/hosts file everything started working: I did the same on all of my swarm nodes though on the others the lines were slightly different: I don't know WHY this worked or affected things in the first place so if someone can explain it that would be appreciated. Obviously it's related to ipv6 which I should probably just look into disabling altogether but shouldn't the port have been published on both ipv4 and ipv6? |
I have the same problem on centos when firewall is inactive.
I have tested 3 centos VM, none of them works. |
the problem is resovled by updating linux kernel from 3.10.0-1127 to 4.4.227 on centos. |
That was a whole major release kernel version and there's still newer versions out there. I'm not too surprised that didn't work before 😆 |
All the services in my docker swarm cluster work fine for a long time, but one day I found I cannot access some services from the exposed ports, I just scale the service ,docker service scale {service-name}={number" and all works again. |
Description
When exposing ports in swarm mode, the container ports are not exposed. This is unexpected because similar commands in
docker-compose
ordocker run
do expose the related ports.This issue may affect any existing docker workflows moving to swarm mode, using
docker-compose bundle
or manually.I saw this in a larger setup, using consul/registrator for logstash service discovery, when moving a local (
docker-compose.yml
) setup to a cloud provider using swarm mode. Registrator uses exposed port mappings in reporting service config, so this issue results in missing routes.logstash
is an interesting example because:Steps to reproduce the issue:
0. (this reproduction is running on a single node swarm-mode cluster)
docker service create -p "5799:5799" logstash logstash --verbose "input { http { port => 5799 } }"
docker ps | grep logstash
docker inspect -f "{{.HostConfig.PortMappings}}" {service_id}
Describe the results you received:
Describe the results you expected:
Compare this to
docker run -d --name run-logstash -p "5799:5799" logstash --verbose "input { http { port => 5799 } }"
I expect the exposed port to be visible on the container.
Output of
docker version
:Output of
docker info
:Additional environment details (AWS, VirtualBox, physical, etc.):
Reproduced locally, running VirtualBox on Windows.
The text was updated successfully, but these errors were encountered: