Docker Swarm: Solution for Load Balancing Not Working on External Access
- 2021-10-27 09:48:51
- OfStack
Problem description
I created three local virtual machines running CentOS 7 and initialized a swarm cluster with one manager node and two worker nodes. The IPs of the three machines are 192.168.124.8 (manager node), 192.168.124.9 (worker node) and 192.168.124.10 (worker node).
[root@localhost ~]# docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
j0f4up8v7epacp3vceby4exsz localhost.localdomain Ready Active 19.03.13
qeeqc10gl9e56w61pajjqle08 localhost.localdomain Ready Active 19.03.13
r5sg5m9dkwcu76t56hg0vu29t * localhost.localdomain Ready Active Leader 19.03.14
Then I started a service on the swarm cluster with the following command:
docker service create --name test-vote --replicas 2 --constraint node.role==worker --publish 8080:80 registry.cn-hangzhou.aliyuncs.com/anoy/vote
Running curl directly against a worker node's ip:port returns a response, but the container ID in the response never changes, and accessing the manager node directly returns no response at all. Load balancing appears not to be working.
Solution
After some searching, I found the answer on Stack Overflow: https://stackoverflow.com/questions/48360577/docker-swarm-routing-mesh-not-working
It turned out to be a firewall problem. According to the documentation, for the swarm mode routing mesh to work, port 7946 (tcp/udp) and port 4789 (udp) must be opened before initializing the swarm cluster: https://docs.docker.com/engine/swarm/ingress/
On CentOS, the ports can be opened with the following script, which must be run on every host in the swarm cluster. For convenience, it opens both tcp and udp for the two ports. After opening the ports, restart the machine once.
firewall-cmd --permanent --zone=public --add-port=4789/tcp && \
firewall-cmd --permanent --zone=public --add-port=7946/tcp && \
firewall-cmd --permanent --zone=public --add-port=4789/udp && \
firewall-cmd --permanent --zone=public --add-port=7946/udp && \
firewall-cmd --reload && \
sudo reboot  # Restart the machine
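To confirm on each host that the firewall change actually took, the following added example (not part of the original post) audits the output of `firewall-cmd --list-ports` against the routing-mesh ports named above, including port ranges, and flags 4789/tcp, which the script opens only for convenience. The function names and sample port lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit firewalld's open ports against the routing-mesh ports
# the page lists (7946 tcp/udp, 4789 udp). Not from the original post.
REQUIRED_PORTS="7946/tcp 7946/udp 4789/udp"

# covers ENTRY WANT: true if a firewalld entry such as "7946/tcp" or
# "7000-8000/tcp" includes the single port WANT (e.g. "7946/tcp").
covers() {
    [ "${1#*/}" = "${2#*/}" ] || return 1
    range=${1%/*}; port=${2%/*}
    [ "$port" -ge "${range%-*}" ] && [ "$port" -le "${range#*-}" ]
}

# missing_swarm_ports LIST: print required ports not opened by LIST, where
# LIST is the space-separated output of `firewall-cmd --list-ports`.
missing_swarm_ports() {
    missing=""
    for want in $REQUIRED_PORTS; do
        found=no
        for have in $1; do
            if covers "$have" "$want"; then found=yes; fi
        done
        if [ "$found" = no ]; then missing="$missing $want"; fi
    done
    echo "${missing# }"
}

# unneeded_swarm_ports LIST: print 4789/tcp if LIST opens it; the page's
# documentation reference requires 4789 over udp only.
unneeded_swarm_ports() {
    for have in $1; do
        if covers "$have" "4789/tcp"; then echo "4789/tcp"; return 0; fi
    done
    echo ""
}

# audit_host: run both checks against the live public zone (needs firewalld).
audit_host() {
    ports=$(firewall-cmd --zone=public --list-ports) || return 1
    echo "missing:  $(missing_swarm_ports "$ports")"
    echo "unneeded: $(unneeded_swarm_ports "$ports")"
}

# Constructed sample outputs: a host before and after running the page's script.
SAMPLE_BEFORE="8080/tcp 22/tcp"
SAMPLE_AFTER="4789/tcp 7946/tcp 4789/udp 7946/udp"
echo "before: missing=[$(missing_swarm_ports "$SAMPLE_BEFORE")]"
echo "after:  missing=[$(missing_swarm_ports "$SAMPLE_AFTER")] unneeded=[$(unneeded_swarm_ports "$SAMPLE_AFTER")]"
```

Call `audit_host` as root on each swarm host to run the same checks against the live firewall. VXLAN traffic on 4789/udp is not authenticated, so the zone these ports are opened in should face only the other swarm hosts.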