Docker 1.12.1：swarm init 后，worker 无法加入 swarm答案

【问题标题】：Docker 1.12.1: after swarm init, workers unable to join swarmDocker 1.12.1：swarm init 后，worker 无法加入 swarm
【发布时间】：2016-08-28 12:42:53
【问题描述】：

我看到与described here 和here 相同的问题。我已经尝试了在这两种情况下有效的所有方法 - 我仍然看到相同的行为。有人可以提供我可以尝试的替代方案吗？

我的设置：

我正在运行 3 个 Centos 7.2 盒子。在所有机器上运行的网络时间协议 (ntpd)。一切都已经 yum 更新了。以下是一些详细信息：

Linux version 3.10.0-327.28.2.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) )

Docker 版本：

# docker version
Client:
 Version:      1.12.1
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   23cf638
 Built:        
 OS/Arch:      linux/amd64

Server:
 Version:      1.12.1
 API version:  1.24
 Go version:   go1.6.3
 Git commit:   23cf638
 Built:        
 OS/Arch:      linux/amd64

设置群管理器：

>docker swarm init --advertise-addr 10.1.1.40:2377 --force-new-cluster
// on some retry attempts (after 'docker swarm leave --force') I ran:
>docker swarm init --advertise-addr 10.1.1.40:2377 --force-new-cluster

经理状态：

>docker node inspect self
[
{
    "ID": "3x5q1n9v956g3ptdle2eve856",
    "Version": {
        "Index": 10
    },
    "CreatedAt": "2016-08-27T13:01:13.400345797Z",
    "UpdatedAt": "2016-08-27T13:01:13.580143388Z",
    "Spec": {
        "Role": "manager",
        "Availability": "active"
    },
    "Description": {
        "Hostname": "mymanagerhost.mycompany.com",
        "Platform": {
            "Architecture": "x86_64",
            "OS": "linux"
        },
        "Resources": {
            "NanoCPUs": 4000000000,
            "MemoryBytes": 16659128320
        },
        "Engine": {
            "EngineVersion": "1.12.1",
            "Plugins": [
                {
                    "Type": "Network",
                    "Name": "bridge"
                },
                {
                    "Type": "Network",
                    "Name": "host"
                },
                {
                    "Type": "Network",
                    "Name": "null"
                },
                {
                    "Type": "Network",
                    "Name": "overlay"
                },
                {
                    "Type": "Volume",
                    "Name": "local"
                }
            ]
        }
    },
    "Status": {
        "State": "ready"
    },
    "ManagerStatus": {
        "Leader": true,
        "Reachability": "reachable",
        "Addr": "10.1.1.40:2377"
    }
}
]

在工作节点上（我有两个，但它们的行为相同）。

加入 Swarm：

>docker swarm join     --token SWMTKN-1-4fjh7kncdpwjvxnxisamhldgenmmnqyvhnx9qdi8d4hkkfuacv-168gs9okd5ck0r4lokdgpef92     10.1.1.40:2377

Error response from daemon: Timeout was reached before node was joined. Attempt to join the cluster will continue in the background. Use "docker info" command to see the current swarm status of your node.

Docker info 命令的输出：

>docker info
Plugins:
 Volume: local
 Network: null host bridge overlay
Swarm: pending
 NodeID: 
 Error: rpc error: code = 1 desc = context canceled
 Is Manager: false
 Node Address: 10.1.1.50
Runtimes: runc
Default Runtime: runc
Security Options: seccomp
Kernel Version: 3.10.0-327.28.2.el7.x86_64
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 15.52 GiB
Name: myWorkerNode.mycompany.com
ID: DAWE:VDRA:ZUVS:P7PH:ADCP:MFNU:2LOS:C6TG:XSIS:Y7EX:I46S:KFXT
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled
Insecure Registries:
 127.0.0.0/8

根据下面的第一个答案进行编辑

所以我尝试使用 stop/start 周围的命令离开。我做到了：

# docker swarm leave --force
Node left the swarm.
# service docker stop
Redirecting to /bin/systemctl stop  docker.service
# 
# service docker start
Redirecting to /bin/systemctl start  docker.service

# docker swarm init --advertise-addr 10.1.1.40:2377
Swarm initialized: current node (0e0y2k2hngnwyeg86ilzbrjmu) is now a manager.

To add a worker to this swarm, run the following command:
docker swarm join \
    --token SWMTKN-1-2ggj60tnbppgjlg63a58oe5pqtv0vfrpj81hheawanf76x7cjc-7v48qak22wd03y3jyv903a9if \
10.1.1.40:2377

然后在我做的工人身上：

# docker swarm leave
Node left the swarm.
# service docker stop
Redirecting to /bin/systemctl stop  docker.service
# service docker start
Redirecting to /bin/systemctl start  docker.service
# docker swarm join \
>     --token SWMTKN-1-2ggj60tnbppgjlg63a58oe5pqtv0vfrpj81hheawanf76x7cjc-    7v48qak22wd03y3jyv903a9if \
    >     10.1.1.40:2377
Error response from daemon: Timeout was reached before node was joined.     Attempt to join the cluster will continue in the background. Use "docker info" command to see the current swarm status of your node.

这显然是相同的行为......

更新

我已经尝试了@Miad Abrin 列出的所有步骤。我仍然得到相同的行为。我猜原因与我看到的 CERTS 错误有关：

# journalctl -xe
Aug 29 12:26:15 dockerd[6577]: time="2016-08-29T12:26:15.554904435-04:00" level=warning msg="failed to retrieve remote root CA certificate: rpc
Aug 29 12:26:15 dockerd[6577]: time="2016-08-29T12:26:15.555400400-04:00" level=warning msg="failed to retrieve remote root CA certificate: rpc
Aug 29 12:26:15 dockerd[6577]: time="2016-08-29T12:26:15.555478782-04:00" level=warning msg="failed to retrieve remote root CA certificate: rpc
Aug 29 12:26:15 dockerd[6577]: time="2016-08-29T12:26:15.555528929-04:00" level=warning msg="failed to retrieve remote root CA certificate: rpc
Aug 29 12:26:15 dockerd[6577]: time="2016-08-29T12:26:15.555685464-04:00" level=warning msg="failed to retrieve remote root CA certificate: rpc

有谁知道这个问题的原因以及如何纠正？

【问题讨论】：

工人能ping通经理的ip吗？
尝试简单的“docker swarm init --advertise-addr 10.1.1.40”，不带尾随端口号。最重要的是，工作节点能否看到该 IP 地址？没有防火墙或其他可能阻塞路径的东西
我认为您的令牌不正确。检查uacv-之后的空格
@MarkO'Connor 没有防火墙/代理或任何类似的东西。工作人员的“nmap”程序“看到”管理器主机上的开放端口
@Alkaline 就是这么剪切和粘贴。我试图纠正，但我执行的实际命令是直接从一个窗口复制并粘贴到另一个窗口。

标签： docker docker-swarm

【解决方案1】：

您需要在离开 swarm 之前和之后重新启动您的 docker 守护程序服务。为群体领导者和作品做这件事。这是1.12 版本中的一个错误，它已在1.12.1 中修复，因为我遇到了同样的问题。

我的尝试结果

在下面的两个部分中，我用 (num) 对步骤进行了编号，以显示工人和经理之间的顺序：

关于工人：

(1)# docker swarm leave --force
Error response from daemon: This node is not part of a swarm
(2)# service docker stop
Redirecting to /bin/systemctl stop  docker.service
(6)# service docker start
Redirecting to /bin/systemctl start  docker.service
# 
(7)# docker swarm join \
>     --token SWMTKN-1-4gsdy8jshxmd58mvpcm0tlmbbnrrqdrf51ggcwvdv0bvkltxmy-am9o4dsl4ovx6b4lbsabn0fc7 \
>     10.1.1.40:2377
Error response from daemon: Timeout was reached before node was joined. The attempt to join the swarm will continue in the background.     Use the "docker info" command to see the current swarm status of your node.
(8)# nmap -p2377 10.1.1.40

Starting Nmap 6.40 ( http://nmap.org ) at 2016-08-29 10:32 EDT
Nmap scan report for (10.1.0.123)
Host is up (0.00085s latency).
PORT     STATE    SERVICE
2377/tcp filtered unknown
MAC Address: 00:50:56:B9:76:32

在管理节点上：

(3)# docker swarm leave --force
Error response from daemon: This node is not part of a swarm
(4)# service docker stop
Redirecting to /bin/systemctl stop  docker.service
(5)# service docker start
Redirecting to /bin/systemctl start  docker.service
(7)# docker swarm init --advertise-addr 10.1.1.40 --force-new-cluster
Swarm initialized: current node (7z52d3bcoiou61ltgike42dnn) is now a manager.

To add a worker to this swarm, run the following command:

    docker swarm join \
    --token SWMTKN-1-4gsdy8jshxmd58mvpcm0tlmbbnrrqdrf51ggcwvdv0bvkltxmy-am9o4dsl4ovx6b4lbsabn0fc7 \
    10.1.1.40:2377

【讨论】：

根据我尝试遵循您的建议的结果编辑了我的问题 - 我做错了吗？我还在两台机器上的 docker 上进行了“yum upgrade”以达到 1.12.1。还是一样的行为....
请在离开 swarm 后从 master 中移除 worker 节点。使用docker node rm 之后再次重新启动 docker 服务
正如预期的那样，一旦主节点被移除，所有的“节点”命令都会失败。来自守护进程的错误响应：此节点不是集群管理器。使用“docker swarm init”或“docker swarm join”将此节点连接到swarm，然后重试。
其实很好。只需在您的 master 上执行 swarm init swarm init --force-new-cluster 即可。然后再次开始向其添加节点。还可以使用docker swarm leave --force 在节点上强制离开
我（再次）尝试了您的解决方案。我不确定包含结果的最佳位置，所以我编辑了您的答案并将它们放在那里。我仍然得到相同的结果，所以如果你能看到它并告诉我你是否发现任何问题，那就太好了。