Docker stack deploy with host network still not working

Question

I understand that some discussion in docker issue #25873 saying this is supported in 17.06 ce. I have installed 17.09 in Linux and 18.03 in Windows. Both have the same problem complaining

network "host" is declared as external, but it is not in the right scope: "local" instead of "swarm"

Would like to know why I'm not able to use the host network with scope local ? Is there a way to use host network when running docker stack deploy ?

Docker Version

Client:
 Version:       18.03.0-ce
 API version:   1.37
 Go version:    go1.9.4
 Git commit:    0520e24
 Built: Wed Mar 21 23:06:28 2018
 OS/Arch:       windows/amd64
 Experimental:  false
 Orchestrator:  swarm

Server:
 Engine:
  Version:      18.03.0-ce
  API version:  1.37 (minimum version 1.12)
  Go version:   go1.9.4
  Git commit:   0520e24
  Built:        Wed Mar 21 23:14:32 2018
  OS/Arch:      linux/amd64
  Experimental: false

Docker info

Containers: 0
 Running: 0
 Paused: 0
 Stopped: 0
Images: 1
Server Version: 18.03.0-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
 NodeID: cqa33vk220d3zpp9g2gqar9hd
 Is Manager: true
 ClusterID: cphphnyrr379dbm5044snxrjy
 Managers: 1
 Nodes: 1
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 3
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
  Force Rotate: 0
 Autolock Managers: false
 Root Rotation In Progress: false
 Node Address: 192.168.65.3
 Manager Addresses:
  192.168.65.3:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: cfd04396dc68220d1cecbe686a6cc3aa5ce3667c
runc version: 4fc53a81fb7c994640722ac585fa9ca548971871
init version: 949e6fa
Security Options:
 seccomp
  Profile: default
Kernel Version: 4.9.87-linuxkit-aufs
Operating System: Docker for Windows
OSType: linux
Architecture: x86_64
CPUs: 2
Total Memory: 1.934GiB
Name: linuxkit-00155d006407
ID: YRXM:MKGD:7VQM:ZNK2:XKCI:DYTL:VVQH:XP5X:QRCY:CKP2:5EVJ:3QE4
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 33
 Goroutines: 145
 System Time: 2018-04-08T07:24:34.2713256Z
 EventsListeners: 1
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

Docker Compose file

version: '3.4'

services:
  test:
    image: alpine
    command: top
    networks:
      - host

networks:
  host:
    external:
      name: host

Executing

C:\>docker stack deploy -c docker-compose.yml test

network "host" is declared as external, but it is not in the right scope: "local" instead of "swarm"

Did you upgrade from an older version of the engine with swarm already enabled? https://stackoverflow.com/q/44460646/596285 — BMitch, Apr 08 '18 at 12:58
This is a new Docker installation for Windows. I have created the swarm `docker swarm init` before running a docker-compose test. I can try delete the HyperV MobyLinux and rerun. Will update again — jlim, Apr 08 '18 at 18:59
Windows doesn't seems to work. I haven't tried in Linux. I have a feeling Linux might work because it was an upgrade from 17.09-ce, whereas Windows is a new installation — jlim, Apr 09 '18 at 04:04
Docker for Windows has a special Moby VM in Hyper-V that isn't designed to do this. Even without the error it may not work as expected because DforWin does some networking redirection with localhost to simulate it running on host OS. For testing this type of Swarm network feature, I recommend using `docker-machine create --driver hyperv` for more real-world testing. https://docs.docker.com/machine/drivers/hyper-v/ — Bret Fisher, Apr 09 '18 at 16:33
Here's a good example of how you can avoid overlay network with different networking drivers http://collabnix.com/docker-17-06-swarm-mode-now-with-macvlan-support/ — Bret Fisher, Apr 09 '18 at 16:35
Thanks Bret and BMitch. Validated in Linux, recreate swarm works. I will take both of your comments as the solution. I will disregard Windows test for now, but will definitely use docker-machine as advised by Bret going forward. Thanks gurus — jlim, Apr 09 '18 at 19:23

score 12 · Answer 1 · answered Dec 11 '18 at 04:46

12

As of November Docker 18.09 release, this should work on modern Linux the same as Windows Server 2019. You can connect one service to a host port directly as well as overlay networks.

To use a host NIC directly for a published port, you don't use networks, you just change the published port mode like so:

services:
  traefik:
    image: traefik:alpine
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host

For normal published ports it would be mode: ingress

If you want the service to talk to overlay networks as well, you can add networks the usual way. I've got a full example of this for Traefik here.

answered Dec 11 '18 at 04:46

Bret Fisher

8,164
2
31
36

Hi Bret. I tested this with Docker 18.09.2 in order to get the correct client IP. Strangely, I get the docker_gwbridge address as client IP, not the real one. – Alessandro Dionisi Feb 28 '19 at 11:23
Can you give a working example to reproduce the issue? – Bret Fisher Mar 02 '19 at 08:26
I discovered that the problem was due to iptables = false in Docker daemon config and manual iptables handling. Restoring default config solved the issue, thanks. – Alessandro Dionisi Mar 03 '19 at 09:54

Docker stack deploy with host network still not working

Docker Version

Docker info

Docker Compose file

Executing

1 Answers1