Notes on Docker Swarm Weave debugging.
Install weave script:
- sudo curl -L git.io/weave -o /usr/local/bin/weave
- sudo chmod a+x /usr/local/bin/weave
On a working node:
- sudo iptables -S
shows something like:
- -A DOCKER-ISOLATION-STAGE-1 -j RETURN
- -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
- -A DOCKER-ISOLATION-STAGE-2 -o docker_gwbridge -j DROP
- -A DOCKER-ISOLATION-STAGE-2 -j RETURN
- -A DOCKER-USER -j RETURN
- -A WEAVE-IPSEC-IN -s A/32 -d D/32 -p udp -m udp --dport 6784 -m mark ! --mark 0x20000/0x20000 -j DROP
- -A WEAVE-IPSEC-IN -s B/32 -d D/32 -p udp -m udp --dport 6784 -m mark ! --mark 0x20000/0x20000 -j DROP
- -A WEAVE-IPSEC-IN -s C/32 -d D/32 -p udp -m udp --dport 6784 -m mark ! --mark 0x20000/0x20000 -j DROP
Those rules at the bottom have IP addresses matching the other nodes.
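One way to check that every other node has its WEAVE-IPSEC-IN rule, as an added example that is not part of the original notes. The function names and the 192.0.2.x addresses are made up for illustration; the sample rules are constructed in the shape shown above.

```shell
#!/bin/sh
# Added example: list expected peers that have no WEAVE-IPSEC-IN DROP rule.
# On a node: sudo iptables -S | missing_ipsec_peers <peer-ip> <peer-ip> ...
# Function names are hypothetical, not part of weave or docker.

# Print the source IPs of WEAVE-IPSEC-IN DROP rules read from stdin, one per line.
ipsec_rule_sources() {
    awk '
        $1 == "-A" && $2 == "WEAVE-IPSEC-IN" && $NF == "DROP" {
            for (i = 3; i < NF; i++)
                if ($i == "-s") { sub(/\/32$/, "", $(i + 1)); print $(i + 1) }
        }' | sort -u
}

# Read `iptables -S` output on stdin; arguments are the expected peer IPs.
# Prints each expected peer with no matching rule; returns 1 if any is missing.
missing_ipsec_peers() {
    sources=$(ipsec_rule_sources)
    missing=0
    for peer in "$@"; do
        if ! printf '%s\n' "$sources" | grep -qxF -- "$peer"; then
            printf '%s\n' "$peer"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample rules (documentation-range addresses, not from a real node).
SAMPLE_RULES='-A DOCKER-USER -j RETURN
-A WEAVE-IPSEC-IN -s 192.0.2.11/32 -d 192.0.2.10/32 -p udp -m udp --dport 6784 -m mark ! --mark 0x20000/0x20000 -j DROP
-A WEAVE-IPSEC-IN -s 192.0.2.12/32 -d 192.0.2.10/32 -p udp -m udp --dport 6784 -m mark ! --mark 0x20000/0x20000 -j DROP'

# Demo: 192.0.2.13 is expected but has no rule in the sample.
printf '%s\n' "$SAMPLE_RULES" \
    | missing_ipsec_peers 192.0.2.11 192.0.2.12 192.0.2.13 \
    || echo "peers listed above have no WEAVE-IPSEC-IN rule"
```

Run it on a failing node with the peer addresses taken from a working node to see which rule is absent.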
Debug:
- sudo journalctl -u docker --since "1 hour ago"
- weave status
- weave status peers
- weave report
Test with container:
- docker network create --driver=weaveworks/net-plugin:latest_release --opt encrypted --attachable testnet_weave_encrypted
- docker node update --label-add test=true XXX
- docker service create --network=testnet_weave_encrypted --name web_encrypted --replicas=1 --constraint 'node.labels.test == true' nginx:latest
- docker run --rm --name alpine --net=testnet_weave_encrypted -ti alpine:latest sh
- apk add --no-cache curl
- curl -i tasks.web_encrypted
Weave plugin logs:
Get the plugin ID with:
- docker plugin inspect xxx | grep "\"Id\""
- sudo cat /run/docker/plugins/a140435df6d3c9c7a889d1f6a7f83765a7c3e485aba53683248e11b0888db78b/int-stderr