I have a two-host Rancher test environment: one server is running Rancher server and the other the agent and my containers.
Server is running on 192.168.88.190 and agent in 192.168.88.200.
I’m running:
Rancher v0.28.0
Cattle v0.64.0
User Interface v0.34.0
Rancher Compose beta/latest
When I create a load balancer (i.e. the Wordpress “Multi-Container Application” described in the docs), I can’t access the application using the “public” host IP address. My test host IP address is 192.168.88.200.
I can only access the app using the lb agent’s IP address: 10.42.13.49:8083 (not 192.168.88.200:8083).
In fact, clicking the load balancer’s link, it shows:
Info
Host IP
Container IP 10.42.13.49
Image rancher/agent-instance:v0.3.1
Entrypoint None
Command None
I guess it should show “Host IP 192.168.88.200”.
When I created the load balancer, I specified name (wordpresslb), scale (1), public port (8083) and, in targets, I added one service with target service (mywordpress) and target port (80).
What am I doing wrong? I’d like to view the wordpress app at http://192.168.88.200:8083 (host’s IP address).
It’s strange that, in fact, the load balancer container shows the following:
Ports
State IP Address Public (on Host) Private (in Container) Protocol
ACTIVE 192.168.88.200 8083 8083 TCP
But port 8083 doesn’t exist on the real host:
$ netstat -lnp
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9344 0.0.0.0:* LISTEN -
udp 0 0 0.0.0.0:5353 0.0.0.0:* 1573/chromium
udp6 0 0 :::4500 :::* -
udp6 0 0 :::500 :::* -
raw6 0 0 :::58 :::* 7 -
…
[snip]
Then, I must manually add the necessary iptables rules on the host to forward traffic to the balancer’s container. I thought rancher itself would do that.
@marceloaguero Rancher is supposed to publish the port to the host for the LB listening ports. If it didn’t, it’s a bug. Working around it by adding the iptables rules manually won’t be sufficient, as Rancher will overwrite them on the next port publish for any containers in the network.
I’m facing a similar issue. I’m trying to load balance redis. When I try to ping the load balancer directly it works, but when I try to hit it through the host it fails.
[root@perfdell15 /]# /var/lib/docker/devicemapper/mnt/84e4cfe177dcd0b9299b0991e00c4c28e4de6fcf00a8852b1c7cfd9d357be375/rootfs/usr/local/bin/redis-cli -h 10.42.188.171 -p 16379
10.42.188.171:16379> PING
PONG
[root@perfdell15 /]# /var/lib/docker/devicemapper/mnt/84691672116cb8ba90ced799b3fe3d3040103b7e0d5d3d15cde4224f0f0a475f/rootfs/usr/local/bin/redis-cli -h 127.0.0.1 -p 16379
Could not connect to Redis at 127.0.0.1:16379: Connection refused
not connected> exit
[root@perfdell15 /]# /var/lib/docker/devicemapper/mnt/84691672116cb8ba90ced799b3fe3d3040103b7e0d5d3d15cde4224f0f0a475f/rootfs/usr/local/bin/redis-cli -h perfdell15 -p 16379
Could not connect to Redis at perfdell15:16379: Connection refused
My iptables grep:
DNAT tcp -- anywhere anywhere ADDRTYPE match dst-type LOCAL tcp dpt:16379 to:10.42.188.171:16379
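
Added example (not part of the thread and not Rancher's own code): a DNAT rule like the one quoted above creates no listening socket by itself, so a port published that way does not appear in `netstat -l`. The sketch below classifies a port from both listings; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the `iptables -t nat -L` layout quoted in the thread.
NAT_SAMPLE='Chain PREROUTING (policy ACCEPT)
target     prot opt source    destination
DNAT       tcp  --  anywhere  anywhere  ADDRTYPE match dst-type LOCAL tcp dpt:16379 to:10.42.188.171:16379'

# Constructed sample in the `netstat -ln` layout quoted in the thread.
LISTEN_SAMPLE='Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp   0      0      127.0.0.1:9344  0.0.0.0:*       LISTEN
tcp6  0      0      :::22           :::*            LISTEN'

# dnat_target PORT NAT_LISTING: print the DNAT destination ("ip:port")
# for that destination port; exit status 1 if no rule matches.
dnat_target() {
  printf '%s\n' "$2" | awk -v p="$1" '
    $1 == "DNAT" {
      dpt = ""; to = ""
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^dpt:/) dpt = substr($i, 5)
        if ($i ~ /^to:/)  to  = substr($i, 4)
      }
      if (dpt == p && to != "") { print to; found = 1; exit }
    }
    END { exit !found }'
}

# has_listener PORT NETSTAT_LISTING: succeed if a TCP socket in LISTEN
# state is bound to that port (the port is the last ":"-separated field).
has_listener() {
  printf '%s\n' "$2" | awk -v p="$1" '
    $6 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) found = 1 }
    END { exit !found }'
}

# classify_port PORT NAT_LISTING NETSTAT_LISTING
# Prints "listener", "dnat:<target>" or "unpublished".
classify_port() {
  if has_listener "$1" "$3"; then echo "listener"
  elif t=$(dnat_target "$1" "$2"); then echo "dnat:$t"
  else echo "unpublished"
  fi
}

# On a live host (as root), feed it real listings instead of the samples:
#   classify_port 8083 "$(iptables -t nat -L -n)" "$(netstat -ltn)"
classify_port 16379 "$NAT_SAMPLE" "$LISTEN_SAMPLE"
```

A result of `unpublished` for a port the Rancher UI shows as ACTIVE means neither a listener nor a DNAT rule is present on that host.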