I've been having an issue deploying the Portainer agent across a newly created Docker swarm. One of the nodes starts the agent without any issue [we'll call that HOST#1], but then HOST#2 will just infinitely try to deploy the agent container (showing "preparing container" under the services menu in Portainer), before eventually showing failed with the below error message and then attempting to create a new container.
Error:
starting container failed: error creating external connectivity network: cannot restrict inter-container communication: open /proc/sys/net/bridge/bridge-nf-call-iptables: permission denied
What I've tested/tried
I have been following the instructions outlined on the Portainer wiki and using the agent-stack.yml file for adding an existing agent to a swarm, https://docs.portainer.io/v/ce-2.11/start/install/agent/swarm/linux. I did also try deleting the agent altogether from the swarm and deploying it again, with the same results.
- No issues deploying the hello world service to the swarm.
- Temporarily disabling ufw
- setting ufw allow in on docker0
- setting ufw allow in on docker_gwbridge
- docker node ls reports both nodes are Ready & available
Environment details:
- Both systems running Ubuntu server 20.04
- Both systems running Docker version 20.10.12
- Both systems running kernel versions 5.4.0*
- Both are running as manager nodes in the swarm
- Portainer Agent 2.11.0
- The system unable to deploy the Agent is an OpenVZ VPS [HOST#2]
- The VPS [HOST#2] is connected to my local network via an OpenVPN (layer 2) tap adapter, therefore the swarm is connecting over the VPN
- HOST#2 is running ufw for firewall management while HOST#1 is not
I'm quite new to Docker swarm but I have been using Docker for many years. Any help highly appreciated.
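
A triage script for the error quoted in the post, as an added example that is not part of the original post and not Docker or Portainer code: it reports whether the sysctl file named in the error exists and can be opened for writing, and whether the node looks like an OpenVZ container. The function names, the optional root-path argument and the /proc/vz-without-/proc/bc heuristic are assumptions made for the example.

```shell
#!/bin/sh
# Added diagnostic; function names and the root-path argument are hypothetical.
# Run as root on the failing node. The optional argument lets the checks run
# against a constructed directory tree instead of the real /proc.

# State of the sysctl file named in the error message:
#   missing = path absent (br_netfilter not loaded or not exposed here)
#   denied  = path present but cannot be opened for writing
#   ok      = path can be opened for writing
bridge_nf_state() {
    f="${1:-/proc}/sys/net/bridge/bridge-nf-call-iptables"
    if [ ! -e "$f" ]; then
        echo missing
    elif ( : >> "$f" ) 2>/dev/null; then   # open for append, write nothing
        echo ok
    else
        echo denied
    fi
}

# Heuristic (assumption): /proc/vz exists on OpenVZ hosts and containers,
# /proc/bc only on the host.
is_openvz_container() {
    [ -d "${1:-/proc}/vz" ] && [ ! -d "${1:-/proc}/bc" ]
}

# One summary line plus a hint for the state that was found.
diagnose() {
    state=$(bridge_nf_state "$1")
    if is_openvz_container "$1"; then virt=openvz-container; else virt=other; fi
    echo "bridge-nf-call-iptables=$state virt=$virt"
    case "$state" in
        missing) echo "hint: check that the br_netfilter module is loaded" ;;
        denied)  echo "hint: write access refused; as root, the limit is set outside this environment" ;;
        ok)      echo "hint: sysctl is writable; the failure lies elsewhere" ;;
    esac
}

diagnose "${1:-/proc}"
```

Running it on both nodes and comparing the summary lines shows whether the two hosts differ in how they expose this sysctl.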