Ports aren't opened for my project

I have a project that runs well on a v1.1.3 environment, but on v1.2.x (.0, .0-1, .1-rc1) it doesn’t!

For my tests I have:

  • centos-7.2
  • docker-1.12.3
  • one vm-master
  • one vm-node

On v1.2.x Rancher doesn’t open ports for my stack to be accessible.

docker-compose:

LB-Homolog-brasilia-devopsdays:
  ports:
  - 1313:1313
  tty: true
  image: rancher/load-balancer-service
  links:
  - Homolog-brasilia-devopsdays:Homolog-brasilia-devopsdays
  stdin_open: true
Homolog-brasilia-devopsdays:
  environment:
    HUGO_BASE_URL: bsbdevopsdays.hacklab
    HUGO_BASE_URL_PORT: 1313
    HUGO_BUILD_DRAFTS: -D
  image: registry.gitlab.com/devops-df/brasilia.devopsdays.com.br:hugo-6.0.6-beta2

rancher-compose:

LB-Homolog-brasilia-devopsdays:
  scale: 1
  load_balancer_config:
    haproxy_config: {}
  health_check:
    port: 42
    interval: 2000
    unhealthy_threshold: 3
    healthy_threshold: 2
    response_timeout: 2000
Homolog-brasilia-devopsdays:
  scale: 1

If you want more info… let me know, please.

It doesn’t matter which image I use.

I used your exact configs while creating a “Stack” in the Rancher UI and the services came up fine and the ports are also accessible.

I am using rancher/server:v.1.2.1 and ubuntu 14.04.5 hosts.

Since you are using the VMs on your laptop, you would have to use the private IP address of the VMs.
Example: Say you are using VirtualBox and your VMs' IP addresses are 172.22.100.100, 172.22.100.101, 172.22.100.102; you need to use http://172.22.100.101:1313 to access your application. If you are using http://localhost:1313, it won’t work.

The load balancer configuration is different in 1.2, I would suggest recreating it in the UI and looking at the exported YAML.

Also, if you’re just looking at docker ps, the PORTS column is always going to be empty now. The mapping is managed in iptables in 1.2 and docker is told to configure the container as net: none, so as far as the daemon is concerned there are no ports mapped.


This is the case.

Thanks for your support.

[quote=“vincent, post:4, topic:4926”]
Also, if you’re just looking at docker ps, the PORTS column is always going to be empty now. The mapping is managed in iptables in 1.2 and docker is told to configure the container as net: none, so as far as the daemon is concerned there are no ports mapped.
[/quote]

@vincent: In that case, shouldn’t I see the ports in the iptables output? I’m not seeing anything except some generic rules in Rancher 1.4.

I’m unable to reach my service over the port 8080, and I’d like to confirm that something is actually listening on 8080. I’d traditionally do this using something like netstat -nap |grep -w LISTEN, but that doesn’t work here.

Are all of the listening containers hidden by the -j MASQUERADE --to-ports 1024-65535 rules below?

# iptables-save |grep CATTLE
-A PREROUTING -m addrtype --dst-type LOCAL -j CATTLE_PREROUTING
-A OUTPUT -m addrtype --dst-type LOCAL -j CATTLE_OUTPUT
-A POSTROUTING -j CATTLE_HOSTPORTS_POSTROUTING
-A POSTROUTING -j CATTLE_NAT_POSTROUTING
-A CATTLE_HOSTPORTS_POSTROUTING -s 10.42.55.111/32 -d 10.42.55.111/32 -p udp -m udp --dport 500 -j MASQUERADE
-A CATTLE_HOSTPORTS_POSTROUTING -s 10.42.55.111/32 -d 10.42.55.111/32 -p udp -m udp --dport 4500 -j MASQUERADE
-A CATTLE_NAT_POSTROUTING -s 10.42.0.0/16 ! -o docker0 -p tcp -j MASQUERADE --to-ports 1024-65535
-A CATTLE_NAT_POSTROUTING -s 10.42.0.0/16 ! -o docker0 -p udp -j MASQUERADE --to-ports 1024-65535
-A CATTLE_NAT_POSTROUTING -s 10.42.0.0/16 ! -o docker0 -j MASQUERADE
-A CATTLE_NAT_POSTROUTING -o docker0 -m addrtype --src-type LOCAL --dst-type UNICAST -j MASQUERADE
-A CATTLE_OUTPUT -p udp -m udp --dport 500 -m addrtype --dst-type LOCAL -j DNAT --to-destination 10.42.55.111:500
-A CATTLE_OUTPUT -p udp -m udp --dport 4500 -m addrtype --dst-type LOCAL -j DNAT --to-destination 10.42.55.111:4500
-A CATTLE_PREROUTING ! -i docker0 -p udp -m udp --dport 500 -j MARK --set-xmark 0x1068/0xffffffff
-A CATTLE_PREROUTING ! -i docker0 -p udp -m udp --dport 500 -j DNAT --to-destination 10.42.55.111:500
-A CATTLE_PREROUTING -p udp -m udp --dport 500 -m addrtype --dst-type LOCAL -j DNAT --to-destination 10.42.55.111:500
-A CATTLE_PREROUTING ! -i docker0 -p udp -m udp --dport 4500 -j MARK --set-xmark 0x1068/0xffffffff
-A CATTLE_PREROUTING ! -i docker0 -p udp -m udp --dport 4500 -j DNAT --to-destination 10.42.55.111:4500
-A CATTLE_PREROUTING -p udp -m udp --dport 4500 -m addrtype --dst-type LOCAL -j DNAT --to-destination 10.42.55.111:4500
:CATTLE_FORWARD - [0:0]
-A FORWARD -j CATTLE_FORWARD
-A CATTLE_FORWARD -m mark --mark 0x1068 -j ACCEPT
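
One way to check this from the rules themselves, as an added example that is not part of the thread: in the dump above the forwarded host ports (udp 500 and 4500) appear as DNAT rules in CATTLE_PREROUTING, while the MASQUERADE --to-ports rules sit in POSTROUTING and only rewrite the source address and port of outbound traffic. The function names `sample_rules`, `published_ports` and `is_published` are hypothetical, and the script assumes other published ports would show up in the same rule shape as the 500/4500 entries.

```shell
#!/bin/sh
# Added example (not from the thread): list host ports forwarded by DNAT rules
# in the CATTLE_PREROUTING chain of iptables-save output.

# sample_rules: a subset of the iptables-save lines quoted in the post above.
sample_rules() {
cat <<'EOF'
-A CATTLE_NAT_POSTROUTING -s 10.42.0.0/16 ! -o docker0 -p tcp -j MASQUERADE --to-ports 1024-65535
-A CATTLE_PREROUTING ! -i docker0 -p udp -m udp --dport 500 -j MARK --set-xmark 0x1068/0xffffffff
-A CATTLE_PREROUTING ! -i docker0 -p udp -m udp --dport 500 -j DNAT --to-destination 10.42.55.111:500
-A CATTLE_PREROUTING -p udp -m udp --dport 500 -m addrtype --dst-type LOCAL -j DNAT --to-destination 10.42.55.111:500
-A CATTLE_PREROUTING ! -i docker0 -p udp -m udp --dport 4500 -j DNAT --to-destination 10.42.55.111:4500
-A CATTLE_OUTPUT -p udp -m udp --dport 500 -m addrtype --dst-type LOCAL -j DNAT --to-destination 10.42.55.111:500
EOF
}

# published_ports: read iptables-save text on stdin and print one line per
# unique mapping as "proto/hostport -> container_ip:port".
published_ports() {
  awk '
    $1 == "-A" && $2 == "CATTLE_PREROUTING" {
      proto = ""; dport = ""; dest = ""; target = ""
      for (i = 3; i <= NF; i++) {
        if ($i == "-p") proto = $(i + 1)
        else if ($i == "--dport") dport = $(i + 1)
        else if ($i == "-j") target = $(i + 1)
        else if ($i == "--to-destination") dest = $(i + 1)
      }
      # MARK and MASQUERADE rules are skipped: only DNAT forwards a host port.
      if (target == "DNAT" && dport != "" && dest != "") {
        key = proto "/" dport " -> " dest
        if (!(key in seen)) { seen[key] = 1; print key }
      }
    }'
}

# is_published PROTO PORT: exit 0 if stdin contains a DNAT rule for that host port.
is_published() {
  published_ports | grep -q "^$1/$2 -> "
}

# On a live host (as root): iptables-save -t nat | published_ports
sample_rules | published_ports
```

Run against the quoted dump, this lists only the two udp mappings to 10.42.55.111, so no rule forwarding tcp 8080 is present in that output.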