I remember the pre-SELinux on Fedora days. In later editions it was installed, but it definitely was not enabled by default. We are in a new age, where systems come considerably more secure by default. This confused me considerably, especially when a few of the suggested fixes did not work and one of them partially worked. I was up late wondering why the system was opening port 2375 on an IPv6 interface, but not at all on IPv4. This was just to expose the Docker endpoint to Portainer so that I could manage 3 hosts through a single web interface. The issue I faced was that the methods in the documentation I had used to expose the Docker port had changed.
The strange thing is that the old method of doing it worked on one Photon instance, but not the other. Pretty much my entire problem was described in this article, with the resolution.
Aggregate 1: The docker endpoint port
The only piece missing, which I had to resolve, was the correct IP address in the 10-dockerd.conf file. It kept defaulting to IPv6 on the host when I used 0.0.0.0:2375. Changed it to the actual IP address on the system and everything started correctly. Ran "docker swarm init", followed the instructions to add the workers to the swarm, and now everything survives a reboot without losing connectivity to the swarm. I did also run "iptables -A INPUT -p tcp --dport 2377 -j ACCEPT" on the manager node, just in case iptables wanted to fight.
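As an added example (not from the original post), the script below reads a dockerd systemd drop-in like the 10-dockerd.conf mentioned above and reports, for each tcp:// listener on its ExecStart line, whether it binds all interfaces or a single address and whether --tlsverify is set. The ExecStart contents, the function names and the 192.0.2.10 address are assumptions constructed for the example.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report how a dockerd systemd
# drop-in such as 10-dockerd.conf exposes the API over TCP.

# Print one line per tcp:// listener: "<addr>:<port> scope=<...> tlsverify=<yes|no>"
audit_dockerd_dropin() {
    local file="$1" line tls hosts
    # An empty "ExecStart=" resets earlier entries, so for a dockerd drop-in
    # the effective command is the last non-empty ExecStart= line.
    line=$(grep -E '^[[:space:]]*ExecStart=.+' "$file" | tail -n 1)
    [ -n "$line" ] || { echo "no ExecStart found"; return 0; }
    tls=no
    case "$line" in *--tlsverify*) tls=yes ;; esac
    hosts=$(printf '%s\n' "$line" | grep -oE 'tcp://[^[:space:]]+' || true)
    [ -n "$hosts" ] || { echo "no tcp listener"; return 0; }
    printf '%s\n' "$hosts" | while IFS= read -r h; do
        h=${h#tcp://}
        port=${h##*:}      # text after the last colon
        addr=${h%:*}       # everything before it (may be a bracketed IPv6 literal)
        case "$addr" in
            ''|0.0.0.0|'[::]')       scope=all-interfaces ;;
            127.*|localhost|'[::1]') scope=loopback ;;
            *)                       scope=single-address ;;
        esac
        echo "${addr:-*}:$port scope=$scope tlsverify=$tls"
    done
}

# Constructed sample drop-ins; 192.0.2.10 is a documentation address.
write_samples() {
    local dir="$1"
    printf '%s\n' '[Service]' 'ExecStart=' \
      'ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://0.0.0.0:2375' \
      > "$dir/wildcard.conf"
    printf '%s\n' '[Service]' 'ExecStart=' \
      'ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://192.0.2.10:2375' \
      > "$dir/pinned.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_dockerd_dropin "$demo_dir/wildcard.conf"
audit_dockerd_dropin "$demo_dir/pinned.conf"
```

Point the function at the real drop-in on each host to compare what the three nodes are configured to listen on.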
Aggregate 2: Create the swarm
This also opens the endpoint port for Portainer. You can add the endpoints and then use the drop-down menu to view the local and remote hosts. This can be very helpful with a swarm. I have set up a single manager in my 3-node swarm, since everything should be kept relatively small until requirements grow in a home lab. Depending on the services that are built, multiple managers may be a requirement. Future plans from within the Docker realm include building a container "from scratch". I was left without any good guides on this last year, so I figured I should try to add one. Instead I ended up getting bored and creating a local registry with self-signed SSL certs. I will also probably revisit that with Let's Encrypt certs.
A fun little aside paraphrased from something that I read on a forum recently: Sometimes I forget to type in sudo prior to a command that requires elevated privileges. To run the previous command in bash, you type "!!". You can escalate privileges by typing "sudo !!", a command I refer to as "Bitch, I said".