我使用docker swarm处理consul群集配置。仅使用一个网络的服务发现可以正常工作。但随着第二个网络的添加,我得到以下信息" [WARN]成员列表:能够连接到69eca29632dc但其他探测失败,网络可能配置错误"。如何正确配置此网络以克服此问题?
version: '3'
services:
consul:
image: consul:latest
deploy:
replicas: 3
environment:
- CONSUL_LOCAL_CONFIG={\"disable_update_check\":true}
- CONSUL_BIND_INTERFACE=eth0
- CONSUL_HTTP_ADDR=0.0.0.0
entrypoint:
- consul
- agent
- -server
- -bootstrap-expect=3
- -data-dir=/consul/data
- -bind={{ GetInterfaceIP "eth2" }}
- -client=0.0.0.0
- -retry-join=172.177.0.3
- -retry-join=172.177.0.4
- -retry-join=172.177.0.5
- -ui
networks:
- backend #works properly without this line
- consul
ports:
- 8500:8500
- 8600:8600
networks:
consul:
driver: overlay
ipam:
config:
- subnet: 172.177.0.0/16
backend:
driver: overlay
ipam:
config:
- subnet: 173.177.0.0/16
答案 0 :(得分:0)
就我而言,我在syslog中收到以下警告条目:
Aug 26 14:43:40 onl-vault01-poc consul[15046]: memberlist: Failed ping: onl-vault03-poc.dc1 (timeout reached)
Aug 26 14:43:42 onl-vault01-poc consul[15046]: 2019/08/26 14:43:42 [WARN] memberlist: Was able to connect to onl-vault03-poc.dc1 but other probes failed, network may be misconfigured
Aug 26 14:43:42 onl-vault01-poc consul[15046]: memberlist: Was able to connect to onl-vault03-poc.dc1 but other probes failed, network may be misconfigured
当然,该消息本身既不具体也不很有帮助。 最后,事实证明我在节点之间缺少 udp / 8302 的防火墙规则(尽管此端口被记录为WAN端口,而我的节点仅是LAN)。您肯定需要公开端口tcp / 8300,8301,8302和udp / 8301,8302(请参阅How do I publish a UDP Port on Docker?如何在Docker中公开UDP端口)。这些是Consul 1.5.x编写时的默认侦听端口(请参见https://www.consul.io/docs/internals/architecture.html)。