consul -v
Consul v1.8.4
Revision 12b16df32
Protocol 2 spoken by default, understands 2 to 3 (agent will automatically use protocol >2 when speaking to compatible agents)
I try to exec simple job mariadb:
job "mariadb" {
region = "global"
datacenters = ["dc1"]
type = "service"
group "database" {
count = 1
network {
mode = "bridge"
port "db" {
to = 3306
}
}
service {
name = "mariadb"
port = "db"
tags = [
"traefik.enable=true",
"traefik.tcp.routers.mariadb.rule=HostSNI(`*`)",
"traefik.tcp.routers.mariadb.service=mariadb",
"traefik.tcp.services.mariadb.loadbalancer.server.port=3306",
]
check {
type = "tcp"
port = "db"
interval = "10s"
timeout = "2s"
}
}
task "mariadb" {
driver = "docker"
config {
image = "mariadb:10.5.8"
network_mode = "database"
volumes = [
"/srv/live/mariadb/data:/var/lib/mysql",
]
}
env = {
"MYSQL_ROOT_PASSWORD" = "password"
}
}
}
}
FAILED! :’(
I have this error:
failed to setup alloc: pre-run hook "network" failed: failed to configure networking for alloc: failed to initialize table forwarding rules: failed to list iptables chains: running [/usr/sbin/iptables -t filter -S --wait]: exit status 4: Fatal: can't open lock file /run/xtables.lock: Permission denied
And in systemctl journal:
Dec 10 11:39:00 portecontainer nomad[919503]: 2020-12-10T11:39:00.095+0100 [INFO] client.gc: marking allocation for GC: alloc_id=258600ec-5567-53ef-f63e-95c5e611092f
Dec 10 11:39:00 portecontainer nomad[919503]: client.gc: marking allocation for GC: alloc_id=258600ec-5567-53ef-f63e-95c5e611092f
Dec 10 11:39:00 portecontainer nomad[919503]: 2020-12-10T11:39:00.095+0100 [ERROR] client.alloc_runner.runner_hook: failed to cleanup network for allocation, resources may have leaked: alloc_id=258600ec-5567-53ef-f63e-95c5e611092f alloc=258600ec-5567-53ef-f63e-95c5e611092f error="failed to find plugin "portmap" in path [/opt/cni/bin]"
Dec 10 11:39:00 portecontainer nomad[919503]: client.alloc_runner.runner_hook: failed to cleanup network for allocation, resources may have leaked: alloc_id=258600ec-5567-53ef-f63e-95c5e611092f alloc=258600ec-5567-53ef-f63e-95c5e611092f error="failed to find plugin "portmap" in path [/opt/cni/bin]"
I see in other topic to enable consul connect, that I add in consul config.json:
Hi @fred-gb! This bit of the error message looks to be the relevant bit:
failed to list iptables chains: running [/usr/sbin/iptables -t filter -S --wait]: exit status 4: Fatal: can't open lock file /run/xtables.lock: Permission denied
That’s bubbling up from the CNI plugin that’s trying to create a iptable entry. Are you running the Nomad client agent as root? If so, if you were to run sudo /usr/sbin/iptables -t filter -S --wait on that machine, what do you see?
So, I changed to root user in systemd file. It’s little bit better. I have another error ! Yeeaaaah!
failed to setup alloc: pre-run hook "network" failed: failed to configure networking for alloc: failed to configure network: failed to find plugin "bridge" in path [/opt/cni/bin]
So I follow instructions and it’s work. But with other error and strange behavior.
When I add “check configuration”. Nomad job not deploying. Failed and unhealthy. It’s like if unable to check TCP without authentification.
When I delete “check configuration”. It’s works! But… Not long…
I’m unable to connect to mariadb:
mysql -u root -p -h portecontainer.lan
Enter password:
ERROR 2002 (HY000): Can't connect to MySQL server on 'portecontainer.lan' (115)
Maybe a password issue, because I need to change my password, not accepted by nomad UI with specials characters within, but volume mount is existing data with older version with older password.
Traeifk UI is unreachable after somes minutes.
Firts minutes, I can browse in UI, HTTP, TCP but after somes minutes, UI is totally unreachable. But other routers rules works.