[OCI/Swarm] How to Fix the "connect: no route to host" Error When Joining a Docker Swarm in OCI VM

Hey there, if you’re getting a super frustrating error when trying to join a Docker Swarm from an Oracle Cloud Infrastructure (OCI) VM, then you’ve come to the right place!

Here’s the error message you might see:

Error response from daemon: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 132.12.23.123:2377: connect: no route to host"

Yikes! But don’t worry, we’ve got some easy steps you can follow to fix it and get back to your Docker swarming in no time.

Let’s say you are running a Swarm Manager on an OCI VM instance with the public IP address 132.12.23.123, and you are trying to join the Swarm from another VM instance using this command:

docker swarm join --token SWMTKN-1-26210jfe2i00c3v7oi7gy3uulpvww4uipi7w4pvsocbi53gte8-5jgmviwax5xeo81rzj0z2q15b 132.12.23.123:2377

To successfully join the Swarm, here’s what you need to do:

1. Add port 2377 to the Ingress Rules of the Security List of the VM instance.

Easy peasy! Just add an ingress rule for TCP port 2377 to the Security List.

Without adding the port 2377 to the Ingress Rules, you’ll get this error instead:

Error response from daemon: Timeout was reached before node joined. The attempt to join the swarm will continue in the background. Use the "docker info" command to see the current swarm status of your node.

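2. Important: Add the following rule to the iptables of the Swarm Manager's VM instance

Okay, this one’s a little more technical, but bear with me! Open the file /etc/iptables/rules.v4 and add this rule above the REJECT line (iptables evaluates rules in order, and the expected output further down shows the new rule sitting just before REJECT):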

-A INPUT -p tcp -m state --state NEW -m tcp --dport 2377 -j ACCEPT

Then save the changes and enable the new rule by running this command:

sudo iptables-restore < /etc/iptables/rules.v4

Check if the rule is added successfully by running this command:

sudo iptables -L INPUT

You should see output like this:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:2377
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

And voila! You should now be able to join the Swarm successfully. 🎉🎉🎉
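The placement matters: in the output above the port 2377 rule sits before the final REJECT, and a copy appended after it would never match. The script below is an added example, not part of the original post, that checks and fixes that ordering in a rules.v4-style file; the function names and the sample file are constructed for illustration, and it assumes the rule is written exactly as in step 2.

```shell
#!/bin/sh
# Added example (not from the original post): keep the port-2377 rule ahead
# of the catch-all REJECT in the *filter INPUT chain of a rules.v4-style file.
RULE='-A INPUT -p tcp -m state --state NEW -m tcp --dport 2377 -j ACCEPT'

# rule_position FILE prints: ok | shadowed (rule after REJECT) | missing
rule_position() {
    awk -v rule="$RULE" '
        /^\*/ { table = $0 }
        table != "*filter" { next }
        $0 == rule && !at { at = NR }
        /^-A INPUT / && / -j REJECT/ && !rej { rej = NR }
        END {
            if (!at) print "missing"
            else if (rej && at > rej) print "shadowed"
            else print "ok"
        }' "$1"
}

# ensure_rule FILE puts the rule directly before the first INPUT REJECT
# (or before the filter table's COMMIT if there is none). Idempotent.
ensure_rule() {
    [ "$(rule_position "$1")" = "ok" ] && return 0
    tmp=$(mktemp) || return 1
    awk -v rule="$RULE" '
        /^\*/ { table = $0 }
        table == "*filter" && $0 == rule { next }   # drop the shadowed copy
        table == "*filter" && !placed &&
          ((/^-A INPUT / && / -j REJECT/) || $0 == "COMMIT") { print rule; placed = 1 }
        { print }' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# Constructed sample file modelled on the iptables output shown above.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

demo=$(mktemp) && sample_rules > "$demo"
echo "before: $(rule_position "$demo")"; ensure_rule "$demo"
echo "after:  $(rule_position "$demo")"; rm -f "$demo"
```

The rule as posted accepts port 2377 from any source; if you narrow it with `-s <worker CIDR>`, change `RULE` to match, since the check compares whole lines.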

3. Other commands that you can use to troubleshoot the issue

Just in case you run into any more issues, we’ve got some extra commands you can use to help you troubleshoot the problem:

  • Check if the port is listening on your manager node

netstat -tuplen

  • Check if the port is open from your worker node

telnet <manager node IP> 2377

  • Make sure that the Swarm Manager advertise address can be reached from the worker node. In this case, it’s 132.12.23.123.

In conclusion, OCI has many security features that you need to be aware of. And it’s not easy to troubleshoot the issue if you are not familiar with the platform.


If this post helped you to solve a problem or provided you with new insights, please upvote it and share your experience in the comments below. Your comments can help others who may be facing similar challenges. Thank you!