Raspbian Docker Swarm Rootless Failures

Rebuilding my Swarm on seven Raspberry Pi 4 nodes.
The swarm init process does not complete unless run under sudo.
If run under sudo, then you can join nodes to the swarm, but you can't deploy any containers unless under sudo. The steps are shown below.

Portainer starts when run on the platform, but will not manage any devices as it does not have permissions.

Steps to reproduce:
pi@cyva:~ $ cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL=“Debian -- User Support
BUG_REPORT_URL="https://bugs.debian.org/"
pi@cyva:~ $ docker info
Client:
Context: default
Debug Mode: false
Plugins:
app: Docker App (Docker Inc., v0.9.1-beta3)
buildx: Docker Buildx (Docker Inc., v0.8.2-docker)
compose: Docker Compose (Docker Inc., v2.6.0)

Server:
Containers: 0
Running: 0
Paused: 0
Stopped: 0
Images: 0
Server Version: 20.10.17
Storage Driver: overlay2
Backing Filesystem: extfs
Supports d_type: true
Native Overlay Diff: false
userxattr: true
Logging Driver: json-file
Cgroup Driver: systemd
Cgroup Version: 2
Plugins:
Volume: local
Network: bridge host ipvlan macvlan null overlay
Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
Swarm: inactive
Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
Default Runtime: runc
Init Binary: docker-init
containerd version: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc version: v1.1.2-0-ga916309
init version: de40ad0
Security Options:
seccomp
Profile: default
rootless
cgroupns
Kernel Version: 5.15.32-v8+
Operating System: Debian GNU/Linux 11 (bullseye)
OSType: linux
Architecture: aarch64
CPUs: 4
Total Memory: 7.629GiB
Name: cyva
ID: ZSZM:25PW:XIBP:EXQC:XIG4:TKKB:GWIV:LOPM:2PVN:AXK7:LVE7:XPIV
Docker Root Dir: /home/pi/.local/share/docker
Debug Mode: false
Username: ########
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
127.0.0.0/8
Live Restore Enabled: false

WARNING: No memory limit support
WARNING: No swap limit support
WARNING: No cpu cfs quota support
WARNING: No cpu cfs period support
WARNING: No cpu shares support
WARNING: No cpuset support
WARNING: No io.weight support
WARNING: No io.weight (per device) support
WARNING: No io.max (rbps) support
WARNING: No io.max (wbps) support
WARNING: No io.max (riops) support
WARNING: No io.max (wiops) support
pi@cyva:~ $ docker version
Client: Docker Engine - Community
Version: 20.10.17
API version: 1.41
Go version: go1.17.11
Git commit: 100c701
Built: Mon Jun 6 23:02:34 2022
OS/Arch: linux/arm64
Context: default
Experimental: true

Server: Docker Engine - Community
Engine:
Version: 20.10.17
API version: 1.41 (minimum version 1.12)
Go version: go1.17.11
Git commit: a89b842
Built: Mon Jun 6 23:01:01 2022
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.6.6
GitCommit: 10c12954828e7c7c9b6e0ea9b0c02b01407d3ae1
runc:
Version: 1.1.2
GitCommit: v1.1.2-0-ga916309
docker-init:
Version: 0.19.0
GitCommit: de40ad0
pi@cyva:~ $ docker swarm init --advertise-addr 172.16.10.30
Swarm initialized: current node (ajc5x7fh4x3kmut11u0fr0v7g) is now a manager.

To add a worker to this swarm, run the following command:

docker swarm join --token SWMTKN-1-6bsgqus47mwx73liqxgzcm9tj87efhmhkrgi2u523a5luht78q-1ob40qlnqt13aqzu9ewolxo2o 172.16.10.30:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

pi@cyva:~ $ docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
ajc5x7fh4x3kmut11u0fr0v7g * cyva Ready Active Leader 20.10.17
pi@cyva:~ $ netstat -tuplen
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 0 66878 -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 160975 -
tcp 0 0 0.0.0.0:22022 0.0.0.0:* LISTEN 0 13768 -
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 0 13894 -
tcp6 0 0 :::9000 :::* LISTEN 0 69789 -
tcp6 0 0 ::1:631 :::* LISTEN 0 160974 -
tcp6 0 0 :::22022 :::* LISTEN 0 14832 -
tcp6 0 0 :::5900 :::* LISTEN 0 13893 -
udp 0 0 0.0.0.0:51852 0.0.0.0:* 108 158694 -
udp 0 0 0.0.0.0:68 0.0.0.0:* 0 13915 -
udp 0 0 0.0.0.0:631 0.0.0.0:* 0 159248 -
udp 0 0 0.0.0.0:33833 0.0.0.0:* 0 14812 -
udp 0 0 0.0.0.0:5353 0.0.0.0:* 108 158692 -
udp6 0 0 :::5353 :::* 108 158693 -
udp6 0 0 :::34027 :::* 108 158695 -
pi@cyva:~ $ docker swarm leave --force
Node left the swarm.
pi@cyva:~ $ sudo docker swarm init --advertise-addr 172.16.10.30
Swarm initialized: current node (1ap9ajo6nyvpuko0sst0npypf) is now a manager.

To add a worker to this swarm, run the following command:

docker swarm join --token SWMTKN-1-1ytsmrxpbwja492z7st894qtxybkaxsw4lm4u0zc0jto3tjvqy-83fezkvq860f1x52dxnxelkjh 172.16.10.30:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

pi@cyva:~ $ netstat -tuplen
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 0 66878 -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 0 160975 -
tcp 0 0 0.0.0.0:22022 0.0.0.0:* LISTEN 0 13768 -
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 0 13894 -
tcp6 0 0 :::9000 :::* LISTEN 0 69789 -
tcp6 0 0 ::1:631 :::* LISTEN 0 160974 -
tcp6 0 0 :::22022 :::* LISTEN 0 14832 -
tcp6 0 0 :::5900 :::* LISTEN 0 13893 -
tcp6 0 0 :::2377 :::* LISTEN 0 202497 -
tcp6 0 0 :::7946 :::* LISTEN 0 202502 -
udp 0 0 0.0.0.0:51852 0.0.0.0:* 108 158694 -
udp 0 0 0.0.0.0:68 0.0.0.0:* 0 13915 -
udp 0 0 0.0.0.0:631 0.0.0.0:* 0 159248 -
udp 0 0 0.0.0.0:4789 0.0.0.0:* 0 205059 -
udp 0 0 0.0.0.0:33833 0.0.0.0:* 0 14812 -
udp 0 0 0.0.0.0:5353 0.0.0.0:* 108 158692 -
udp6 0 0 :::7946 :::* 0 202503 -
udp6 0 0 :::5353 :::* 108 158693 -
udp6 0 0 :::34027 :::* 108 158695 -
pi@cyva:~ $
pi@cyva:~ $ docker node ls
Error response from daemon: This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.
pi@cyva:~ $ sudo docker node ls
ID HOSTNAME STATUS AVAILABILITY MANAGER STATUS ENGINE VERSION
rrosb7bl3tggmm8resw976de2 Rpi41 Ready Active 20.10.17
1ap9ajo6nyvpuko0sst0npypf * cyva Ready Active Leader 20.10.17
pi@cyva:~ $
pi@cyva:~/compose/Viz $ docker compose --file=docker-compose.yml config
name: viz
services:
  viz:
    deploy:
      placement:
        constraints:
        - node.role == manager
    image: alexellis2/visualizer-arm:latest
    networks:
      viznet: null
    ports:
    - mode: ingress
      target: 8080
      published: "8081"
      protocol: tcp
    volumes:
    - type: bind
      source: /var/run/docker.sock
      target: /var/run/docker.sock
      bind:
        create_host_path: true
networks:
  viznet:
    name: viz_viznet
    driver: overlay

docker stack deploy Viz --compose-file=docker-compose.yml
this node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again
pi@cyva:~/compose/Viz $ sudo docker stack deploy Viz --compose-file=docker-compose.yml
Creating network Viz_viznet
Creating service Viz_viz
pi@cyva:~/compose/Viz $ docker service ls
Error response from daemon: This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.
pi@cyva:~/compose/Viz $ sudo docker service ls
ID NAME MODE REPLICAS IMAGE PORTS
wf6kne0kkp5t Viz_viz replicated 1/1 alexellis2/visualizer-arm:latest *:8081->8080/tcp
pi@cyva:~/compose/Viz $
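
A diagnostic sketch for the transcripts above, added here and not part of the original post: it classifies saved `docker info` text as rootless or rootful and lists which of the swarm ports that appear in the post's second `netstat` listing (2377/tcp, 7946/tcp and udp, 4789/udp) have no listener. The function names are made up for this example, and the sample input is abridged from the post.

```shell
#!/bin/sh
# Added diagnostic sketch; function names are illustrative, not Docker tooling.

# daemon_mode: `docker info` text on stdin -> "rootless" or "rootful".
# A rootless daemon lists "rootless" under Security Options.
daemon_mode() {
    awk '/^[ \t]*(name=)?rootless[ \t]*$/ { r = 1 }
         END { print (r ? "rootless" : "rootful") }'
}

# swarm_state: `docker info` text on stdin -> value of the "Swarm:" line.
swarm_state() {
    awk -F': *' '/^[ \t]*Swarm:/ { s = $2 }
                 END { print (s == "" ? "unknown" : s) }'
}

# missing_swarm_ports: netstat text on stdin -> swarm ports with no listener.
# The wanted list is the set that shows up after `sudo docker swarm init`.
missing_swarm_ports() {
    awk '$1 ~ /^(tcp|udp)/ {
             n = split($4, a, ":")          # local address; port is the last part
             seen[a[n] "/" substr($1, 1, 3)] = 1
         }
         END {
             n = split("2377/tcp 7946/tcp 7946/udp 4789/udp", want, " ")
             for (i = 1; i <= n; i++)
                 if (!(want[i] in seen)) out = out (out == "" ? "" : " ") want[i]
             print out
         }'
}

# Sample input abridged from the transcripts in the post.
INFO_NOSUDO='Swarm: inactive
Security Options:
seccomp
rootless
cgroupns'
NETSTAT_AFTER_ROOTLESS_INIT='tcp 0 0 0.0.0.0:9000 0.0.0.0:* LISTEN 0 66878 -
tcp6 0 0 :::22022 :::* LISTEN 0 14832 -
udp 0 0 0.0.0.0:5353 0.0.0.0:* 108 158692 -'
NETSTAT_AFTER_SUDO_INIT='tcp6 0 0 :::2377 :::* LISTEN 0 202497 -
tcp6 0 0 :::7946 :::* LISTEN 0 202502 -
udp 0 0 0.0.0.0:4789 0.0.0.0:* 0 205059 -
udp6 0 0 :::7946 :::* 0 202503 -'

echo "daemon: $(printf '%s\n' "$INFO_NOSUDO" | daemon_mode)"
echo "swarm: $(printf '%s\n' "$INFO_NOSUDO" | swarm_state)"
echo "missing after rootless init: $(printf '%s\n' "$NETSTAT_AFTER_ROOTLESS_INIT" | missing_swarm_ports)"
echo "missing after sudo init: $(printf '%s\n' "$NETSTAT_AFTER_SUDO_INIT" | missing_swarm_ports)"
```

On a live host, compare `docker info | daemon_mode` with `sudo docker info | daemon_mode`; if the results differ, the unprivileged and `sudo` commands are addressing two separate daemons, each with its own swarm state.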