Solution for Docker Swarm Load Balancing Not Taking Effect During External Verification

  • 2021-10-27 09:48:51
  • OfStack

Problem description

I created three local virtual machines running CentOS 7 and initialized a swarm cluster with one manager node and two worker nodes. The IPs of the three machines are 192.168.124.8 (manager node), 192.168.124.9 (worker node), and 192.168.124.10 (worker node).


[root@localhost ~]# docker node ls
ID                            HOSTNAME                STATUS              AVAILABILITY        MANAGER STATUS      ENGINE VERSION
j0f4up8v7epacp3vceby4exsz     localhost.localdomain   Ready               Active                                  19.03.13
qeeqc10gl9e56w61pajjqle08     localhost.localdomain   Ready               Active                                  19.03.13
r5sg5m9dkwcu76t56hg0vu29t *   localhost.localdomain   Ready               Active              Leader              19.03.14

Then I started a service on the swarm cluster with the following command:


docker service create --name test-vote --replicas 2 --constraint node.role==worker --publish 8080:80  registry.cn-hangzhou.aliyuncs.com/anoy/vote

Curling a worker node's ip:port directly gets a response, but the returned container ID never changes, and accessing the manager node directly gets no response at all, so load balancing appears not to be taking effect.

Solution

After some searching, I found the answer on Stack Overflow: https://stackoverflow.com/questions/48360577/docker-swarm-routing-mesh-not-working

It turned out to be a firewall problem. According to the documentation, for the swarm mode routing mesh to take effect, port 7946 (tcp/udp) and port 4789 (udp) must be opened before initializing the swarm cluster: https://docs.docker.com/engine/swarm/ingress/

Therefore, on CentOS, the ports can be opened with the following script, which must be run on every host in the swarm cluster. For convenience, it opens both tcp and udp on these two ports. After opening the ports, you need to restart the machine once.


# Open the routing mesh ports permanently in the public zone
firewall-cmd --permanent --zone=public --add-port=4789/tcp && \
firewall-cmd --permanent --zone=public --add-port=7946/tcp && \
firewall-cmd --permanent --zone=public --add-port=4789/udp && \
firewall-cmd --permanent --zone=public --add-port=7946/udp && \
# Apply the permanent rules, then restart the machine
firewall-cmd --reload && \
sudo reboot
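
To confirm the change took effect on each host, the firewalld port list can be audited against the ports named above. This is an added example, not part of the original post; the function names are hypothetical and the sample port lists are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit a firewalld port list against the routing mesh ports
# named in this article (7946/tcp, 7946/udp, 4789/udp).
# Limitation: port ranges such as 7000-8000/tcp are not expanded.

# Ports the routing mesh needs, as listed in this article.
REQUIRED_PORTS="7946/tcp 7946/udp 4789/udp"
# Opened by the convenience script but not on the required list.
NOT_REQUIRED_PORTS="4789/tcp"

# has_port LIST PORT: succeeds if PORT is a whole word in the space-separated LIST.
has_port() {
    case " $1 " in
        *" $2 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# missing_ports LIST: prints the required ports that are absent from LIST.
missing_ports() {
    local out="" p
    for p in $REQUIRED_PORTS; do
        has_port "$1" "$p" || out="${out:+$out }$p"
    done
    printf '%s' "$out"
}

# surplus_ports LIST: prints opened ports that the routing mesh does not need.
surplus_ports() {
    local out="" p
    for p in $NOT_REQUIRED_PORTS; do
        has_port "$1" "$p" && out="${out:+$out }$p"
    done
    printf '%s' "$out"
}

# audit_host NAME LIST: prints one summary line; fails if a required port is missing.
audit_host() {
    local miss extra
    miss=$(missing_ports "$2")
    extra=$(surplus_ports "$2")
    printf '%s missing=[%s] surplus=[%s]\n' "$1" "$miss" "$extra"
    [ -z "$miss" ]
}

# Constructed samples of `firewall-cmd --zone=public --list-ports` output.
audit_host 192.168.124.8 "8080/tcp" || true
audit_host 192.168.124.9 "4789/tcp 7946/tcp 4789/udp 7946/udp" || true
# Real host: audit_host "$(hostname)" "$(firewall-cmd --zone=public --list-ports)"
```

4789/tcp is reported as surplus because only 4789/udp is on the required list. VXLAN traffic on 4789/udp is unauthenticated, so limiting these ports to the other swarm hosts' addresses is tighter than opening them for the whole public zone.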
