getsockopt failed strangely: Operation not permitted in Docker-Compose Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Data science time! April 2019 and salary with experience The Ask Question Wizard is Live!Using Docker-Compose, how to execute multiple commandsHow to restart a single container with docker-composeWhat is the difference between docker and docker-composeInternally load balance Docker Containers using Azure Container Servicedocker deploy won't publish port in swarmDeploying docker-compose as yml in order to be able to scale using the same portWhat is the difference between docker-compose ports vs exposeLetsEncrypt in a Docker (docker-compose) app container not workingDocker swarm scaling behaviour on port mappingRouting to same instance of Backend container that serviced initial request
What is the chair depicted in Cesare Maccari's 1889 painting "Cicerone denuncia Catilina"?
Putting class ranking in CV, but against dept guidelines
Asymptotics question
How can I prevent/balance waiting and turtling as a response to cooldown mechanics
AppleTVs create a chatty alternate WiFi network
Did Mueller's report provide an evidentiary basis for the claim of Russian govt election interference via social media?
Was Kant an Intuitionist about mathematical objects?
What is the "studentd" process?
Why not send Voyager 3 and 4 following up the paths taken by Voyager 1 and 2 to re-transmit signals of later as they fly away from Earth?
Is multiple magic items in one inherently imbalanced?
How can a team of shapeshifters communicate?
As a dual citizen, my US passport will expire one day after traveling to the US. Will this work?
Random body shuffle every night—can we still function?
Simple Http Server
Why do early math courses focus on the cross sections of a cone and not on other 3D objects?
Tips to organize LaTeX presentations for a semester
Can an iPhone 7 be made to function as a NFC Tag?
Can you force honesty by using the Speak with Dead and Zone of Truth spells together?
Relating to the President and obstruction, were Mueller's conclusions preordained?
How to change the tick of the color bar legend to black
What are the main differences between Stargate SG-1 cuts?
Is there hard evidence that the grant peer review system performs significantly better than random?
Why weren't discrete x86 CPUs ever used in game hardware?
What initially awakened the Balrog?
getsockopt failed strangely: Operation not permitted in Docker-Compose
Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)
Data science time! April 2019 and salary with experience
The Ask Question Wizard is Live!Using Docker-Compose, how to execute multiple commandsHow to restart a single container with docker-composeWhat is the difference between docker and docker-composeInternally load balance Docker Containers using Azure Container Servicedocker deploy won't publish port in swarmDeploying docker-compose as yml in order to be able to scale using the same portWhat is the difference between docker-compose ports vs exposeLetsEncrypt in a Docker (docker-compose) app container not workingDocker swarm scaling behaviour on port mappingRouting to same instance of Backend container that serviced initial request
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;
I'm getting a strange error when trying to start up a docker-swarm with docker-compose. I'm trying to use the following (brief) tutorial to convert a docker-compose swarm using HAProxy to use letsencrypt ssl. You can see the tutorial here: http://blog.armstrongconsulting.com/?p=392.
Here is my docker-compose file:
version: '3.3'
services:
back:
image: patientplatypus/lowtechback:latest
ports:
- '5000:5000'
deploy:
replicas: 3
restart_policy:
condition: on-failure
max_attempts: 5
window: 120s
networks:
- web
front:
image: patientplatypus/lowtechfront:latest
ports:
- '80:3000'
depends_on:
- back
deploy:
replicas: 3
restart_policy:
condition: on-failure
max_attempts: 5
window: 120s
networks:
- web
proxy:
# image: dockercloud/haproxy
image: nmarus/haproxy-certbot
depends_on:
- back
- front
environment:
- BALANCE=leastconn
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 8080:8080
expose:
- "8080"
- "3000"
- "5000"
cap_add:
- ALL
- NET_ADMIN
volumes:
- ./data/config:/config
- ./data/letsencrypt:/etc/letsencrypt
- ./data/certs:/usr/local/etc/haproxy/certs.d
networks:
- web
deploy:
placement:
constraints: [node.role == manager]
networks:
web:
driver: overlay
In ./data/config/haproxy.cfg there is a file that has configuration options for haproxy to use ssl. The only relevant change I made to the default config (you can see that here: https://hub.docker.com/r/nmarus/haproxy-certbot) that I made was this:
backend my_http_backend
mode http
balance leastconn
option tcp-check
option log-health-checks
server back back:5000 check port 5000
server front front:80 check port 80
to route to my own containers.
When I run the following commands (as root):
docker swarm init
--advertise-addr MY_IP_ADD_SS
docker stack deploy --compose-file=docker-compose.yaml prod2
I get the following:
root@ubuntu-1gb-nyc3-01:/lowteck# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
ko2xkerpki9f prod2_back replicated 3/3 patientplatypus/lowtechback:latest *:5000->5000/tcp
rly8rrb5uiht prod2_front replicated 3/3 patientplatypus/lowtechfront:latest *:80->3000/tcp
nuf7219sxteu prod2_proxy replicated 0/1 nmarus/haproxy-certbot:latest *:8080->8080/tcp
root@ubuntu-1gb-nyc3-01:/lowteck# docker service logs prod2_proxy
prod2_proxy.1.y2eagrgn52fg@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
prod2_proxy.1.ycbj0rojv2tl@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
prod2_proxy.1.y4mt1es20q0v@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
prod2_proxy.1.ohopcbdmgvwt@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
As far as I can tell I've set the cap_add option to allow this operation in the proxy container, I've run the swarm command as root, and I should have read/write/execute permissions on my haproxy.cfg file. Why am I getting this strange error?
docker ssl docker-compose docker-swarm haproxy
asked Mar 8 at 23:13
Peter WeyandPeter Weyand
419634
add a comment |
I'm getting a strange error when trying to start up a docker-swarm with docker-compose. I'm trying to use the following (brief) tutorial to convert a docker-compose swarm using HAProxy to use letsencrypt ssl. You can see the tutorial here: http://blog.armstrongconsulting.com/?p=392.
Here is my docker-compose file:
version: '3.3'
services:
back:
image: patientplatypus/lowtechback:latest
ports:
- '5000:5000'
deploy:
replicas: 3
restart_policy:
condition: on-failure
max_attempts: 5
window: 120s
networks:
- web
front:
image: patientplatypus/lowtechfront:latest
ports:
- '80:3000'
depends_on:
- back
deploy:
replicas: 3
restart_policy:
condition: on-failure
max_attempts: 5
window: 120s
networks:
- web
proxy:
# image: dockercloud/haproxy
image: nmarus/haproxy-certbot
depends_on:
- back
- front
environment:
- BALANCE=leastconn
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 8080:8080
expose:
- "8080"
- "3000"
- "5000"
cap_add:
- ALL
- NET_ADMIN
volumes:
- ./data/config:/config
- ./data/letsencrypt:/etc/letsencrypt
- ./data/certs:/usr/local/etc/haproxy/certs.d
networks:
- web
deploy:
placement:
constraints: [node.role == manager]
networks:
web:
driver: overlay
In ./data/config/haproxy.cfg there is a file that has configuration options for haproxy to use ssl. The only relevant change I made to the default config (you can see that here: https://hub.docker.com/r/nmarus/haproxy-certbot) that I made was this:
backend my_http_backend
mode http
balance leastconn
option tcp-check
option log-health-checks
server back back:5000 check port 5000
server front front:80 check port 80
to route to my own containers.
When I run the following commands (as root):
docker swarm init
--advertise-addr MY_IP_ADD_SS
docker stack deploy --compose-file=docker-compose.yaml prod2
I get the following:
root@ubuntu-1gb-nyc3-01:/lowteck# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
ko2xkerpki9f prod2_back replicated 3/3 patientplatypus/lowtechback:latest *:5000->5000/tcp
rly8rrb5uiht prod2_front replicated 3/3 patientplatypus/lowtechfront:latest *:80->3000/tcp
nuf7219sxteu prod2_proxy replicated 0/1 nmarus/haproxy-certbot:latest *:8080->8080/tcp
root@ubuntu-1gb-nyc3-01:/lowteck# docker service logs prod2_proxy
prod2_proxy.1.y2eagrgn52fg@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
prod2_proxy.1.ycbj0rojv2tl@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
prod2_proxy.1.y4mt1es20q0v@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
prod2_proxy.1.ohopcbdmgvwt@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
As far as I can tell I've set the cap_add option to allow this operation in the proxy container, I've run the swarm command as root, and I should have read/write/execute permissions on my haproxy.cfg file. Why am I getting this strange error?
docker ssl docker-compose docker-swarm haproxy
asked Mar 8 at 23:13
Peter WeyandPeter Weyand
419634
I'm not 100% sure, but I don't think cap_add is supported by docker swarm. Here's the related stack overflow answer: serverfault.com/a/824548.
– mweiss
Mar 9 at 7:56
Correct cap_add isn't supported in swarm docs.docker.com/compose/compose-file/#cap_add-cap_drop.
– Bret Fisher
Mar 9 at 20:44
add a comment |
I'm getting a strange error when trying to start up a docker-swarm with docker-compose. I'm trying to use the following (brief) tutorial to convert a docker-compose swarm using HAProxy to use letsencrypt ssl. You can see the tutorial here: http://blog.armstrongconsulting.com/?p=392.
Here is my docker-compose file:
version: '3.3'
services:
back:
image: patientplatypus/lowtechback:latest
ports:
- '5000:5000'
deploy:
replicas: 3
restart_policy:
condition: on-failure
max_attempts: 5
window: 120s
networks:
- web
front:
image: patientplatypus/lowtechfront:latest
ports:
- '80:3000'
depends_on:
- back
deploy:
replicas: 3
restart_policy:
condition: on-failure
max_attempts: 5
window: 120s
networks:
- web
proxy:
# image: dockercloud/haproxy
image: nmarus/haproxy-certbot
depends_on:
- back
- front
environment:
- BALANCE=leastconn
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 8080:8080
expose:
- "8080"
- "3000"
- "5000"
cap_add:
- ALL
- NET_ADMIN
volumes:
- ./data/config:/config
- ./data/letsencrypt:/etc/letsencrypt
- ./data/certs:/usr/local/etc/haproxy/certs.d
networks:
- web
deploy:
placement:
constraints: [node.role == manager]
networks:
web:
driver: overlay
In ./data/config/haproxy.cfg there is a file that has configuration options for haproxy to use ssl. The only relevant change I made to the default config (you can see that here: https://hub.docker.com/r/nmarus/haproxy-certbot) that I made was this:
backend my_http_backend
mode http
balance leastconn
option tcp-check
option log-health-checks
server back back:5000 check port 5000
server front front:80 check port 80
to route to my own containers.
When I run the following commands (as root):
docker swarm init
--advertise-addr MY_IP_ADD_SS
docker stack deploy --compose-file=docker-compose.yaml prod2
I get the following:
root@ubuntu-1gb-nyc3-01:/lowteck# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
ko2xkerpki9f prod2_back replicated 3/3 patientplatypus/lowtechback:latest *:5000->5000/tcp
rly8rrb5uiht prod2_front replicated 3/3 patientplatypus/lowtechfront:latest *:80->3000/tcp
nuf7219sxteu prod2_proxy replicated 0/1 nmarus/haproxy-certbot:latest *:8080->8080/tcp
root@ubuntu-1gb-nyc3-01:/lowteck# docker service logs prod2_proxy
prod2_proxy.1.y2eagrgn52fg@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
prod2_proxy.1.ycbj0rojv2tl@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
prod2_proxy.1.y4mt1es20q0v@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
prod2_proxy.1.ohopcbdmgvwt@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
As far as I can tell I've set the cap_add option to allow this operation in the proxy container, I've run the swarm command as root, and I should have read/write/execute permissions on my haproxy.cfg file. Why am I getting this strange error?
docker ssl docker-compose docker-swarm haproxy
asked Mar 8 at 23:13
Peter WeyandPeter Weyand
419634
I'm getting a strange error when trying to start up a docker-swarm with docker-compose. I'm trying to use the following (brief) tutorial to convert a docker-compose swarm using HAProxy to use letsencrypt ssl. You can see the tutorial here: http://blog.armstrongconsulting.com/?p=392.
Here is my docker-compose file:
version: '3.3'
services:
back:
image: patientplatypus/lowtechback:latest
ports:
- '5000:5000'
deploy:
replicas: 3
restart_policy:
condition: on-failure
max_attempts: 5
window: 120s
networks:
- web
front:
image: patientplatypus/lowtechfront:latest
ports:
- '80:3000'
depends_on:
- back
deploy:
replicas: 3
restart_policy:
condition: on-failure
max_attempts: 5
window: 120s
networks:
- web
proxy:
# image: dockercloud/haproxy
image: nmarus/haproxy-certbot
depends_on:
- back
- front
environment:
- BALANCE=leastconn
volumes:
- /var/run/docker.sock:/var/run/docker.sock
ports:
- 8080:8080
expose:
- "8080"
- "3000"
- "5000"
cap_add:
- ALL
- NET_ADMIN
volumes:
- ./data/config:/config
- ./data/letsencrypt:/etc/letsencrypt
- ./data/certs:/usr/local/etc/haproxy/certs.d
networks:
- web
deploy:
placement:
constraints: [node.role == manager]
networks:
web:
driver: overlay
In ./data/config/haproxy.cfg there is a file that has configuration options for haproxy to use ssl. The only relevant change I made to the default config (you can see that here: https://hub.docker.com/r/nmarus/haproxy-certbot) that I made was this:
backend my_http_backend
mode http
balance leastconn
option tcp-check
option log-health-checks
server back back:5000 check port 5000
server front front:80 check port 80
to route to my own containers.
When I run the following commands (as root):
docker swarm init
--advertise-addr MY_IP_ADD_SS
docker stack deploy --compose-file=docker-compose.yaml prod2
I get the following:
root@ubuntu-1gb-nyc3-01:/lowteck# docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
ko2xkerpki9f prod2_back replicated 3/3 patientplatypus/lowtechback:latest *:5000->5000/tcp
rly8rrb5uiht prod2_front replicated 3/3 patientplatypus/lowtechfront:latest *:80->3000/tcp
nuf7219sxteu prod2_proxy replicated 0/1 nmarus/haproxy-certbot:latest *:8080->8080/tcp
root@ubuntu-1gb-nyc3-01:/lowteck# docker service logs prod2_proxy
prod2_proxy.1.y2eagrgn52fg@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
prod2_proxy.1.ycbj0rojv2tl@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
prod2_proxy.1.y4mt1es20q0v@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
prod2_proxy.1.ohopcbdmgvwt@ubuntu-1gb-nyc3-01 | getsockopt failed strangely: Operation not permitted
As far as I can tell I've set the cap_add option to allow this operation in the proxy container, I've run the swarm command as root, and I should have read/write/execute permissions on my haproxy.cfg file. Why am I getting this strange error?
docker ssl docker-compose docker-swarm haproxy
docker ssl docker-compose docker-swarm haproxy
asked Mar 8 at 23:13
Peter WeyandPeter Weyand
419634
asked Mar 8 at 23:13
Peter WeyandPeter Weyand
419634
asked Mar 8 at 23:13
Peter WeyandPeter Weyand
419634
asked Mar 8 at 23:13
Peter WeyandPeter Weyand
419634
asked Mar 8 at 23:13
Peter WeyandPeter Weyand
419634
419634
I'm not 100% sure, but I don't think cap_add is supported by docker swarm. Here's the related stack overflow answer: serverfault.com/a/824548.
– mweiss
Mar 9 at 7:56
Correct cap_add isn't supported in swarm docs.docker.com/compose/compose-file/#cap_add-cap_drop.
– Bret Fisher
Mar 9 at 20:44
add a comment |
I'm not 100% sure, but I don't think cap_add is supported by docker swarm. Here's the related stack overflow answer: serverfault.com/a/824548.
– mweiss
Mar 9 at 7:56
Correct cap_add isn't supported in swarm docs.docker.com/compose/compose-file/#cap_add-cap_drop.
– Bret Fisher
Mar 9 at 20:44
I'm not 100% sure, but I don't think cap_add is supported by docker swarm. Here's the related stack overflow answer: serverfault.com/a/824548.
– mweiss
Mar 9 at 7:56
I'm not 100% sure, but I don't think cap_add is supported by docker swarm. Here's the related stack overflow answer: serverfault.com/a/824548.
– mweiss
Mar 9 at 7:56
Correct cap_add isn't supported in swarm docs.docker.com/compose/compose-file/#cap_add-cap_drop.
– Bret Fisher
Mar 9 at 20:44
Correct cap_add isn't supported in swarm docs.docker.com/compose/compose-file/#cap_add-cap_drop.
– Bret Fisher
Mar 9 at 20:44
add a comment |
1 Answer
1
active
oldest
votes
I'm guessing the bind-mounts are causing that problem in haproxy, or just something wrong with the nmarus/haproxy-certbot image.
In Swarm it's recommended you use docker volume's to store persistent data like the certs and configs generated by your container. If using multiple Swarm nodes, you need to use shared storage with something like http://rexray.io to ensure volumes are not "stuck" on one node.
Optionally, you could use Swarm Secrets and Configs to inject those things into containers if you're providing them to the container at start, but I'm guessing that image you're using generates them on the fly.
Also, depends_on, cap_add, and expose are not used by Swarm. See the compose file doc on each feature you want to use in the yaml.
Lastly, it looks like the image you're using doesn't support using the docker socket like you have mounted (you have two volumes: objects in the same service) and so you really should look at proxies that are "swarm aware" and can self-update based on services you deploy. Traefik does this, and I go through examples of using it in Swarm on GitHub.
answered Mar 9 at 20:56
Bret FisherBret Fisher
4,20921526
add a comment |
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55072292%2fgetsockopt-failed-strangely-operation-not-permitted-in-docker-compose%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
I'm guessing the bind-mounts are causing that problem in haproxy, or just something wrong with the nmarus/haproxy-certbot image.
In Swarm it's recommended you use docker volume's to store persistent data like the certs and configs generated by your container. If using multiple Swarm nodes, you need to use shared storage with something like http://rexray.io to ensure volumes are not "stuck" on one node.
Optionally, you could use Swarm Secrets and Configs to inject those things into containers if you're providing them to the container at start, but I'm guessing that image you're using generates them on the fly.
Also, depends_on, cap_add, and expose are not used by Swarm. See the compose file doc on each feature you want to use in the yaml.
Lastly, it looks like the image you're using doesn't support using the docker socket like you have mounted (you have two volumes: objects in the same service) and so you really should look at proxies that are "swarm aware" and can self-update based on services you deploy. Traefik does this, and I go through examples of using it in Swarm on GitHub.
answered Mar 9 at 20:56
Bret FisherBret Fisher
4,20921526
add a comment |
I'm guessing the bind-mounts are causing that problem in haproxy, or just something wrong with the nmarus/haproxy-certbot image.
In Swarm it's recommended you use docker volume's to store persistent data like the certs and configs generated by your container. If using multiple Swarm nodes, you need to use shared storage with something like http://rexray.io to ensure volumes are not "stuck" on one node.
Optionally, you could use Swarm Secrets and Configs to inject those things into containers if you're providing them to the container at start, but I'm guessing that image you're using generates them on the fly.
Also, depends_on, cap_add, and expose are not used by Swarm. See the compose file doc on each feature you want to use in the yaml.
Lastly, it looks like the image you're using doesn't support using the docker socket like you have mounted (you have two volumes: objects in the same service) and so you really should look at proxies that are "swarm aware" and can self-update based on services you deploy. Traefik does this, and I go through examples of using it in Swarm on GitHub.
answered Mar 9 at 20:56
Bret FisherBret Fisher
4,20921526
add a comment |
I'm guessing the bind-mounts are causing that problem in haproxy, or just something wrong with the nmarus/haproxy-certbot image.
In Swarm it's recommended you use docker volume's to store persistent data like the certs and configs generated by your container. If using multiple Swarm nodes, you need to use shared storage with something like http://rexray.io to ensure volumes are not "stuck" on one node.
Optionally, you could use Swarm Secrets and Configs to inject those things into containers if you're providing them to the container at start, but I'm guessing that image you're using generates them on the fly.
Also, depends_on, cap_add, and expose are not used by Swarm. See the compose file doc on each feature you want to use in the yaml.
Lastly, it looks like the image you're using doesn't support using the docker socket like you have mounted (you have two volumes: objects in the same service) and so you really should look at proxies that are "swarm aware" and can self-update based on services you deploy. Traefik does this, and I go through examples of using it in Swarm on GitHub.
answered Mar 9 at 20:56
Bret FisherBret Fisher
4,20921526
I'm guessing the bind-mounts are causing that problem in haproxy, or just something wrong with the nmarus/haproxy-certbot image.
In Swarm it's recommended you use docker volume's to store persistent data like the certs and configs generated by your container. If using multiple Swarm nodes, you need to use shared storage with something like http://rexray.io to ensure volumes are not "stuck" on one node.
Optionally, you could use Swarm Secrets and Configs to inject those things into containers if you're providing them to the container at start, but I'm guessing that image you're using generates them on the fly.
Also, depends_on, cap_add, and expose are not used by Swarm. See the compose file doc on each feature you want to use in the yaml.
Lastly, it looks like the image you're using doesn't support using the docker socket like you have mounted (you have two volumes: objects in the same service) and so you really should look at proxies that are "swarm aware" and can self-update based on services you deploy. Traefik does this, and I go through examples of using it in Swarm on GitHub.
answered Mar 9 at 20:56
Bret FisherBret Fisher
4,20921526
answered Mar 9 at 20:56
Bret FisherBret Fisher
4,20921526
answered Mar 9 at 20:56
Bret FisherBret Fisher
4,20921526
answered Mar 9 at 20:56
Bret FisherBret Fisher
4,20921526
4,20921526
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55072292%2fgetsockopt-failed-strangely-operation-not-permitted-in-docker-compose%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
I'm not 100% sure, but I don't think cap_add is supported by docker swarm. Here's the related stack overflow answer: serverfault.com/a/824548.
– mweiss
Mar 9 at 7:56
Correct cap_add isn't supported in swarm docs.docker.com/compose/compose-file/#cap_add-cap_drop.
– Bret Fisher
Mar 9 at 20:44