Be able to customize ports used by Docker Swarm (7946 TCP/UDP and ) #39280

Open
ggaugry opened this issue May 29, 2019 · 6 comments
Labels
area/swarm kind/enhancement Enhancements are not bugs or new features but can improve usability or performance.

Comments

@ggaugry
ggaugry commented May 29, 2019

Description

Would it be possible to specify different ports for Docker Swarm communications than the default ones?

  • 7946 TCP/UDP
  • 4789 UDP
  • 2377 TCP

On some environments, these ports can already be used by other processes.

Steps to reproduce the issue:

Launch some processes which listen on port 7946 TCP, for example, in a multi-host environment.
Once the Swarm cluster is initialized, the nodes have issues communicating.

Describe the results you received:

General issues with the Swarm communications

Describe the results you expected:

At initialization of the swarm (or in the Docker engine configuration itself), it would be good to be able to specify which ports we want Docker Swarm to communicate on.

Output of docker version:

Client:
 Version:           18.06.1-ce
 API version:       1.38
 Go version:        go1.10.3
 Git commit:        e68fc7a
 Built:             Tue Aug 21 17:24:56 2018
 OS/Arch:           linux/amd64
 Experimental:      false

Server:
 Engine:
  Version:          18.06.1-ce
  API version:      1.38 (minimum version 1.12)
  Go version:       go1.10.3
  Git commit:       e68fc7a
  Built:            Tue Aug 21 17:23:21 2018
  OS/Arch:          linux/amd64
  Experimental:     false

Output of docker info:

Containers: 6
 Running: 6
 Paused: 0
 Stopped: 0
Images: 6
Server Version: 18.09.6
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: active
 NodeID: fpff6d44df9tt0547kf80w920
 Is Manager: true
 ClusterID: sgfun10lqklr1auugkcylr6kt
 Managers: 3
 Nodes: 7
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 10
 Dispatcher:
  Heartbeat Period: 30 seconds
 CA Configuration:
  Expiry Duration: 3 months
  Force Rotate: 0
 Autolock Managers: false
 Root Rotation In Progress: false
 Node Address: 10.3.34.34
 Manager Addresses:
  10.3.34.21:2377
  10.3.34.22:2377
  10.3.34.34:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: bb71b10fd8f58240ca47fbb579b9d1028eea7c84
runc version: 2b18fe1d885ee5083ef9f0838fee39b62d653e30
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.4.0-87-generic
Operating System: Ubuntu 16.04.5 LTS
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 3.859GiB
Name: xxxxxxx
ID: H6IH:27MG:FK4B:O2K3:HMWH:U3YE:YZ4P:BKMW:DBDE:UT4L:GPTD:PUCH
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
  xxxxxxxxxxxxxxxx
  xxxxxxxxxxxxxxxx
Live Restore Enabled: false
Product License: Community Engine
@olljanat
Contributor

olljanat commented Jun 1, 2019

@ggaugry Currently you can change the listen address port. It is documented at:
https://docs.docker.com/engine/reference/commandline/swarm_init/

#38102 also added support for changing the data addr port. It will be released as part of Docker 19.03.

About port 7946 I'm not sure. Let's wait and see if someone else knows.

However, I'm curious which other service in your environment is using 7946? A standard service should not use it.
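
The port conflict described in the issue can be checked before `docker swarm init`. The following is an added example, not part of the original thread: a pre-flight check that reads `ss -Htuln` output and reports listeners already bound to the Swarm default ports. The function name, the sample input and the mapping to the `docker swarm init` flags `--listen-addr` and `--data-path-port` are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: find listeners that collide with the Swarm default ports
# listed in the issue (2377/tcp, 7946/tcp+udp, 4789/udp).

# Reads `ss -Htuln` style lines on stdin and prints one line per conflict:
#   <proto>/<port> <local address> <override flag, or "none">
swarm_port_conflicts() {
  awk '
    BEGIN {
      # Override column reflects what this thread reports as configurable.
      flag["tcp/2377"] = "--listen-addr"
      flag["tcp/7946"] = "none"
      flag["udp/7946"] = "none"
      flag["udp/4789"] = "--data-path-port"
    }
    {
      proto = $1
      addr  = $5                 # Local Address:Port column of ss
      port  = addr
      sub(/.*:/, "", port)       # keep what follows the last colon (IPv6 safe)
      key = proto "/" port
      if (key in flag) print key, addr, flag[key]
    }'
}

# Constructed sample input (not taken from the issue).
SAMPLE_SS='tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:7946 0.0.0.0:*
udp UNCONN 0 0 0.0.0.0:4789 0.0.0.0:*
udp UNCONN 0 0 [::]:17946 [::]:*'

# On a real host: ss -Htuln | swarm_port_conflicts
printf '%s\n' "$SAMPLE_SS" | swarm_port_conflicts
```

A conflict reported with `none` in the last column is the case this issue is about: the other process has to move, because the thread identifies no option for relocating 7946.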

@leonidbobovich

It's a real issue for a scenario where half of the swarm (two or more servers) is hidden by NAT (private network) and the second half of the swarm (even one server) is located in a public cloud. The overlay network fails to communicate. NAT just can't map port 7946.

@donmstewart

Not being able to configure port 7946 at swarm init time is also an issue if you run into opportunities such as "all host open ports must be > 10000", e.g. say we need to move it to 17946 for InfoSec requirements. Right now 2377 and 4789 are movable but 7946 is not, which can literally become a 'blocker'.

@karthikrab

@olljanat We are also facing a similar problem here. We are trying to set up a swarm node on one of our client's servers. They are reluctant to open any ports lower than 10000.
Is there any solution available for this?

@olljanat
Contributor

@karthikrab ha ha, sounds like you are dealing with an old skool firewall admin. I would ask them to explain how changing the port to > 10000 makes it more secure. Afaik there is no option for this, so it would need to be implemented.

@thaJeztah thaJeztah added the kind/enhancement Enhancements are not bugs or new features but can improve usability or performance. label Jun 8, 2020
@olljanat
Contributor

@sfescape if the community (e.g. you) would implement that feature, it most probably would be accepted. Otherwise this kind of feature development for swarm most probably does not happen anymore, as almost all of the developers have changed their focus to Kubernetes.
