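Background:
I was trying to set up a Docker Swarm environment with two virtual machines, one running CentOS 7 and one running Ubuntu.
After installing Docker on both machines, I initialized the swarm on the Ubuntu machine and got back an address for joining the cluster.
When I tried to run that join command on the CentOS 7 machine, I got this error: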
Error response from daemon: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 10.0.0.30:2377: connect: no route to host"
Troubleshooting:
As we know, Docker Swarm needs certain ports to be open in order to work properly:
https://docs.docker.com/engine/swarm/swarm-tutorial/#open-protocols-and-ports-between-the-hosts
Open protocols and ports between the hosts
The following ports must be available. On some systems, these ports are open by default.
TCP port 2377 for cluster management communications
TCP and UDP port 7946 for communication among nodes
UDP port 4789 for overlay network traffic
For convenience, I simply turned off the firewalls on both CentOS 7 and Ubuntu:
On CentOS 7, I ran
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo systemctl mask --now firewalld
On Ubuntu, I ran
sudo ufw disable
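Then I tried again to join the CentOS 7 node to the Ubuntu node, and it still told me no route to host.
I tried ping and ssh; IP connectivity between the two machines was fine, I could ping and I could ssh.
Then I used the netstat -tuplen command to look at the listeners, and found that SSH's port 22 was listening on both tcp and tcp6, while port 2377 for container communication was listening only on tcp6.
I guessed the problem might be here, and went through a whole round of operations, disabling IPv6 and rebooting over and over. In the end, from reading articles other people had written, I found that the problem was not here: the tcp6 listener shown by netstat is fine, it listens on IPv4 at the same time. I had been going in the wrong direction!
Then, following the approach in the article https://www.alphr.com/no-route-to-host-error-in-linux-what-to-do/, I used the command
nmap -sS 192.168.0.30 -p 2377
to investigate, and it really did look like the port was unreachable. I went through a lot of material, and it all said that this kind of connect: no route to host error is usually a firewall problem rather than a network connectivity problem.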
‘No Route to Host’ denotes a network problem, usually one which shows up when the server or host is not responding. This may happen because of network issues or because of an inappropriate setup.
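So I ran the iptables -L command on the Ubuntu machine, and sure enough a lot of rules came out, so I cleared them with iptables -F. I tested with nmap again, and the port was open!
I tried joining the Docker cluster: success!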
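The symptom above (ping and ssh work, but one port reports no route to host) can be told apart from a closed port or a routing fault by the error code a TCP connect returns. The following probe is an added example, not code from the original post; the reference port 22 and the state names are assumptions chosen for illustration.

```python
import errno
import socket
import sys

# TCP ports from the Docker documentation quoted above. UDP 7946 and 4789
# cannot be checked with a TCP connect and are not probed here.
SWARM_TCP_PORTS = (2377, 7946)
REFERENCE_PORT = 22  # assumption: SSH answers on the manager, as in the post


def classify(exc):
    """Translate the outcome of one TCP connect attempt into a state."""
    if exc is None:
        return "open"                 # three-way handshake completed
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "filtered-drop"        # no reply at all: packets dropped
    if exc.errno == errno.ECONNREFUSED:
        return "closed"               # RST from the host: nothing listening
    if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "host-unreachable"     # ICMP unreachable or failed ARP/route
    return "other"


def probe(host, port, timeout=3.0):
    """Attempt one TCP connection and return its classified state."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def diagnose(port_state, reference_state):
    """Refine a port's state using a port known to answer on the same host."""
    # If the reference port got any TCP answer, routing and ARP work, so an
    # "unreachable" error for another port was sent by a packet filter
    # (for example an iptables REJECT rule answering with ICMP).
    if port_state == "host-unreachable" and reference_state in ("open", "closed"):
        return "firewall-reject"
    return port_state


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <manager-ip>")
    reference = probe(sys.argv[1], REFERENCE_PORT)
    print(f"tcp/{REFERENCE_PORT} (reference): {reference}")
    for port in SWARM_TCP_PORTS:
        print(f"tcp/{port}: {diagnose(probe(sys.argv[1], port), reference)}")
```

A firewall-reject verdict points at a rule on the target host; iptables -L -n --line-numbers shows which rule matches, so the ports listed in the Docker documentation can be allowed without emptying the whole table.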
References:
https://blog.csdn.net/fygkchina/article/details/103425183
https://www.zhihu.com/question/51740294
https://www.ndboxin.com/help/article/67
https://www.alphr.com/no-route-to-host-error-in-linux-what-to-do/