Docker Swarm Weave Notes

Submitted by code_admin on Tue, 05/18/2021 - 10:42

Notes on docker swam weave debugging.

Install weave script

  1. sudo curl -L git.io/weave -o /usr/local/bin/weave
  2. sudo chmod a+x /usr/local/bin/weave

On a working node

  1. sudo iptables -S

shows something like:

  1. -A DOCKER-ISOLATION-STAGE-1 -j RETURN
  2. -A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
  3. -A DOCKER-ISOLATION-STAGE-2 -o docker_gwbridge -j DROP
  4. -A DOCKER-ISOLATION-STAGE-2 -j RETURN
  5. -A DOCKER-USER -j RETURN
  6. -A WEAVE-IPSEC-IN -s A/32 -d D/32 -p udp -m udp --dport 6784 -m mark ! --mark 0x20000/0x20000 -j DROP
  7. -A WEAVE-IPSEC-IN -s B/32 -d D/32 -p udp -m udp --dport 6784 -m mark ! --mark 0x20000/0x20000 -j DROP
  8. -A WEAVE-IPSEC-IN -s C/32 -d D/32 -p udp -m udp --dport 6784 -m mark ! --mark 0x20000/0x20000 -j DROP

Those rules at the bottom have ip addresses matching the other nodes

Debug:

  1. sudo journalctl -u docker --since "1 hour ago"
  1. weave status
  2. weave status peers
  3. weave report

Test with contianer

  1. docker network create --driver=weaveworks/net-plugin:latest_release  --opt encrypted --attachable testnet_weave_encrypted
  2. docker node update --label-add test=true XXX
  3. docker service create --network=testnet_weave_encrypted --name web_encrypted --replicas=1  --constraint 'node.labels.test == true' nginx:latest
  4.  
  5. docker run --rm --name alpine --net=testnet_weave_encrypted -ti alpine:latest sh
  6. apk add --no-cache curl
  7. curl -i tasks.web_encrypted

Weave plugin logs:

get the plugin id by

  1. docker plugin inspect xxx | grep "\"Id\""

sudo cat /run/docker/plugins/a140435df6d3c9c7a889d1f6a7f83765a7c3e485aba53683248e11b0888db78b/int-stderr

RJM Article Type
Work Notes