In short: I want a second machine on the same LAN network to join the docker swarm but it keeps failing with error "connection refused". Please help me ;)

A little longer: I have 2 Windows machines, both running Docker Desktop, and I am trying to get machine 1 as manager and machine 2 as worker in a docker swarm.

machine 1 has ip: 192.168.1.102

machine 2 has ip: 192.168.1.103

Both machines are on the same network and have the same subnet mask and gateway. I added inbound and outbound rules on both machines to allow ports:

  • TCP: 2377 and 7946
  • UDP: 7946 and 4789

Attempt 1 to join via PowerShell on the second machine:

docker swarm init

output from console:

docker swarm join --token SWMTKN-1-3b9cxew98787g82elx0vm8uqc72ol2nykmfad34zf5jmljb832-7gaqy8fthak0v0uzoufcxnwiz 192.168.65.3:2377

If I try this command on machine-2 it fails with "connection refused"

Attempt 2:

docker swarm init --advertise-addr 192.168.1.102 --listen-addr 127.0.0.0:2377

output from console:

docker swarm join --token SWMTKN-1-5415kg2nztzyjur50jy4byxvo2wbewnfennmzieck53xeatcdw-94y9bzxnemxaf2kjx8pvue53v 192.168.1.102:2377

If I try this command on machine-2 I get Connection timeout => and when inspecting via docker info I see it states "connection refused" => so the same

I also tried this with firewalls disabled on both machines.

When I try to ping from machine 2 to machine 1 (ping 192.168.1.102) I get a timely response.

So my question is: This should be stupidly simple: How can I create a swarm which is joinable by another node on the same subnet, both on Windows machines running Docker in WSL mode?

What I did after the first comment:

  • I disabled all firewalls on both machines

  • Enabled WSL2 mirrored connection (checked and works)

  • checking the ports with nmap (nmap -p 2377 192.168.1.102) gives

    PORT     STATE  SERVICE
    2377/tcp closed swarm

So it seems there is just no one listening on port 2377?

Thank you in advance!

1 Answer

When you create a service on a port inside of WSL, that service will not be accessible on the host's port. The default behavior is that the service will only be accessible on the WSL VM (more context), in which case you would reach it at the VM's own IP address if trying to access it from the host. For example, if you had a webserver on port 5000, you would have to reach it at http://<WSL_IP_ADDRESS>:5000/, and it would be unreachable at http://<HOST_IP_ADDRESS>:5000/. However, as you observe, you would still be able to ping both of those addresses and get a response, assuming there were no configuration to prevent that.

In your case, you have two separate services inside separate VMs (WSL) on separate machines, and you'd like those services to be able to communicate as though the services are directly on their respective hosts, i.e. via the IP addresses of their respective hosts.

There are two ways to do this:

  1. Enable mirrored mode networking on both WSL instances (see this answer and more context). This means all services on the WSL instance will be accessible on the host.
  2. Forward the specific ports you need for Docker Swarm (see this answer). This is a bit more involved than just poking a hole in or disabling the firewall, although that step may still be required and/or different from what you've already done; that answer covers it.

Once you've done either of these, your two Docker Swarm instances should be able to reach one another with the same commands you're currently using.

gregdan3
  • 142
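
The check the question performs with nmap, written out as an added example (not part of the original question or answer): it probes the swarm TCP ports and separates "refused" (the host answered, nothing is listening on that address) from "no reply" (packets dropped), which is the difference between a binding or WSL networking problem and a firewall problem. The function names and hint texts are this example's own; the ports and addresses come from the question.

```python
import socket
import sys

# TCP ports from the question. The UDP ports (7946, 4789) cannot be checked
# with a TCP connect and are out of scope for this sketch.
SWARM_TCP_PORTS = {2377: "cluster management", 7946: "node communication"}

# What each result says about where the fault is.
HINTS = {
    "open": "a listener accepted the connection on this address",
    "closed": "host replied but nothing listens on this address; check where "
              "the service is bound (loopback, or inside the WSL VM only)",
    "filtered": "no reply at all; a firewall is dropping packets or the host "
                "is unreachable",
}


def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no reply)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes timeouts and unreachable-network errors
        return "filtered"


def diagnose(host, probe_fn=probe):
    """Map each swarm TCP port to (state, hint) for the given manager address."""
    results = {}
    for port in SWARM_TCP_PORTS:
        state = probe_fn(host, port)
        results[port] = (state, HINTS[state])
    return results


if __name__ == "__main__":
    # Pass the manager's LAN address as the first argument; loopback by default.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for port, (state, hint) in diagnose(target).items():
        print(f"{target}:{port}/tcp ({SWARM_TCP_PORTS[port]}): {state} - {hint}")
```

Run it from machine 2 with the manager's LAN address as the argument, before and after changing the WSL networking mode or adding port forwarding, to see whether 2377/tcp moves from closed to open.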