1

I'm trying to expose portainer agent port 9001 on a swarm cluster in order to reach it from an external portainer, it is deployed in 'global' mode.

Following docker-compose file works :

version: "3.2"
services:
  agent:
    image: "portainer/agent:1.1.2"
    environment:
      AGENT_CLUSTER_ADDR: tasks.agent
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    networks:
      - priv_portainer
    deploy:
      mode: global

networks:
  priv_portainer:
    driver: overlay

Then, when I try to expose port 9001, stack starts but there are log errors and portainer fails to connect these agents :

version: "3.2"
services:
  agent:
    image: "portainer/agent:1.1.2"
    environment:
      AGENT_CLUSTER_ADDR: tasks.agent
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /var/lib/docker/volumes:/var/lib/docker/volumes
    ports:
      - "9001:9001"
    networks:
      - priv_portainer
    deploy:
      mode: global

networks:
  priv_portainer:
    driver: overlay

Event with another port :

ports:
  - "19001:9001"

And even with a port that has nothing to do :

ports:
  - "12345:54321"

EDIT

Logs from stack :

portainer_agent_agent.0.13cjb851d9me@ignochtulelk02d | 2018/11/26 05:28:50 [INFO] serf: EventMemberJoin: b6040a1ccc2a 10.255.0.13 portainer_agent_agent.0.13cjb851d9me@ignochtulelk02d | 2018/11/26 05:28:50 [INFO] - Starting Portainer agent version 1.1.2 on 0.0.0.0:9001 (cluster mode: true) portainer_agent_agent.0.13cjb851d9me@ignochtulelk02d | 2018/11/26 05:28:50 [INFO] serf: EventMemberJoin: c6c277e3f60b 10.255.0.11 portainer_agent_agent.0.13cjb851d9me@ignochtulelk02d | 2018/11/26 05:28:51 [ERR] memberlist: Failed to send gossip to 10.255.0.11:7946: write udp [::]:7946->10.255.0.11:7946: sendto: operation not permitted portainer_agent_agent.0.13cjb851d9me@ignochtulelk02d | 2018/11/26 05:28:51 [ERR] memberlist: Failed to send gossip to 10.255.0.11:7946: write udp [::]:7946->10.255.0.11:7946: sendto: operation not permitted portainer_agent_agent.0.13cjb851d9me@ignochtulelk02d | 2018/11/26 05:28:51 [INFO] serf: EventMemberJoin: 3e290151a5eb 10.255.0.12 portainer_agent_agent.0.13cjb851d9me@ignochtulelk02d | 2018/11/26 05:28:51 [ERR] memberlist: Failed to send gossip to 10.255.0.11:7946: write udp [::]:7946->10.255.0.11:7946: sendto: operation not permitted portainer_agent_agent.0.13cjb851d9me@ignochtulelk02d | 2018/11/26 05:28:51 [ERR] memberlist: Failed to send gossip to 10.255.0.12:7946: write udp [::]:7946->10.255.0.12:7946: sendto: operation not permitted portainer_agent_agent.0.13cjb851d9me@ignochtulelk02d | 2018/11/26 05:28:51 [ERR] memberlist: Failed to send gossip to 10.255.0.12:7946: write udp [::]:7946->10.255.0.12:7946: sendto: operation not permitted portainer_agent_agent.0.13cjb851d9me@ignochtulelk02d | 2018/11/26 05:28:51 [ERR] memberlist: Failed to send gossip to 10.255.0.11:7946: write udp [::]:7946->10.255.0.11:7946: sendto: operation not permitted portainer_agent_agent.0.985h7xcfkux0@ignopotulelk03d | 2018/11/26 05:28:51 [INFO] serf: EventMemberJoin: 3e290151a5eb 10.255.0.12 portainer_agent_agent.0.985h7xcfkux0@ignopotulelk03d | 2018/11/26 05:28:51 [INFO] serf: EventMemberJoin: b6040a1ccc2a 10.255.0.13 portainer_agent_agent.0.985h7xcfkux0@ignopotulelk03d | 2018/11/26 05:28:51 [INFO] serf: EventMemberJoin: c6c277e3f60b 10.255.0.11 portainer_agent_agent.0.985h7xcfkux0@ignopotulelk03d | 2018/11/26 05:28:51 [INFO] - Starting Portainer agent version 1.1.2 on 0.0.0.0:9001 (cluster mode: true) portainer_agent_agent.0.985h7xcfkux0@ignopotulelk03d | 2018/11/26 05:28:51 [ERR] memberlist: Failed to send gossip to 10.255.0.13:7946: write udp [::]:7946->10.255.0.13:7946: sendto: operation not permitted portainer_agent_agent.0.985h7xcfkux0@ignopotulelk03d | 2018/11/26 05:28:51 [ERR] memberlist: Failed to send gossip to 10.255.0.11:7946: write udp [::]:7946->10.255.0.11:7946: sendto: operation not permitted portainer_agent_agent.0.mljirysir6px@ignopotulelk01d | 2018/11/26 05:28:50 [INFO] serf: EventMemberJoin: c6c277e3f60b 10.255.0.11 portainer_agent_agent.0.mljirysir6px@ignopotulelk01d | 2018/11/26 05:28:50 [INFO] serf: EventMemberJoin: b6040a1ccc2a 10.255.0.13 portainer_agent_agent.0.mljirysir6px@ignopotulelk01d | 2018/11/26 05:28:50 [INFO] - Starting Portainer agent version 1.1.2 on 0.0.0.0:9001 (cluster mode: true) portainer_agent_agent.0.mljirysir6px@ignopotulelk01d | 2018/11/26 05:28:51 [ERR] memberlist: Failed to send gossip to 10.255.0.13:7946: write udp [::]:7946->10.255.0.13:7946: sendto: operation not permitted portainer_agent_agent.0.mljirysir6px@ignopotulelk01d | 2018/11/26 05:28:51 [ERR] memberlist: Failed to send gossip to 10.255.0.13:7946: write udp [::]:7946->10.255.0.13:7946: sendto: operation not permitted portainer_agent_agent.0.mljirysir6px@ignopotulelk01d | 2018/11/26 05:28:51 [INFO] serf: EventMemberJoin: 3e290151a5eb 10.255.0.12 portainer_agent_agent.0.mljirysir6px@ignopotulelk01d | 2018/11/26 05:28:51 [ERR] memberlist: Failed to send gossip to 10.255.0.13:7946: write udp [::]:7946->10.255.0.13:7946: sendto: operation not permitted portainer_agent_agent.0.mljirysir6px@ignopotulelk01d | 2018/11/26 05:28:51 [ERR] memberlist: Failed to send gossip to 10.255.0.12:7946: write udp [::]:7946->10.255.0.12:7946: sendto: operation not permitted

When I replace :

ports:
  - "9001:9001"

With :

- target: 9001
  published: 9001
  protocol: tcp
  mode: host

It works, why host mode solves this problem ?

Nelson G.
  • 5,145
  • 4
  • 43
  • 54
  • how do you make the connection? – Siyu Nov 24 '18 at 09:08
  • can you please show the full file after the port addition ? does it give you any error message? how does the docker ps looks like after it? – eran meiri Nov 24 '18 at 09:31
  • full file added – Nelson G. Nov 24 '18 at 10:24
  • Hi @NelsonG. What do you mean by "It does not work?" Are you unable to deploy the agent? Are you unable to connect it via Portainer? You can find a stack deployment example at https://portainer.readthedocs.io/en/stable/agent.html#connecting-an-existing-portainer-instance-to-an-agent – Tony Nov 24 '18 at 20:24
  • I updated my post with logs. Solution provided by https://portainer.readthedocs.io/en/stable/agent.html#connecting-an-existing-portainer-instance-to-an-agent works (`mode: host`), however I don't understand why ? – Nelson G. Nov 26 '18 at 05:31
  • I still don't understand what you mean by "I does not work". What's not working? Also, can you give me more details about how you started the Portainer instance and how you connect to the agent? – Tony Nov 26 '18 at 22:29
  • => Docker stack starts but there are lots of error logs (see logs) and portainer fails to connect to agents – Nelson G. Nov 27 '18 at 12:10

0 Answers0