[OCI/Swarm] How to Fix the "connect: no route to host" Error When Joining a Docker Swarm on an OCI VM
Hey there, if you’re getting a super frustrating error when trying to join a Docker Swarm on an Oracle Cloud Infrastructure (OCI) VM, then you’ve come to the right place!
Here’s the error message you might see:
Error response from daemon: rpc error: code = Unavailable desc = connection error: desc = "transport: Error while dialing dial tcp 132.12.23.123:2377: connect: no route to host"
Yikes! But don’t worry, we’ve got some easy steps you can follow to fix it and get back to your Docker swarming in no time.
Let’s say you are running a Swarm Manager in the OCI VM instance with the public IP address 132.12.23.123. And you are trying to join the Swarm from another VM instance using this command:
docker swarm join --token SWMTKN-1-26210jfe2i00c3v7oi7gy3uulpvww4uipi7w4pvsocbi53gte8-5jgmviwax5xeo81rzj0z2q15b 132.12.23.123:2377
To successfully join the Swarm, here’s what you need to do:
1. Add port 2377 to the Ingress Rules of the Security List of the VM instance.
Easy peasy! Just add that port 2377 to the Ingress Rules, like this:
Without adding port 2377 to the Ingress Rules, you’ll get this error instead:
Error response from daemon: Timeout was reached before node joined. The attempt to join the swarm will continue in the background. Use the "docker info" command to see the current swarm status of your node.
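2. Important: Add the following rule to the iptables of the Swarm Manager VM instance
Okay, this one’s a little more technical, but bear with me! Open the file /etc/iptables/rules.v4 and add this rule above the final REJECT line, so that it is evaluated before the REJECT (the same order as in the output further down):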
-A INPUT -p tcp -m state --state NEW -m tcp --dport 2377 -j ACCEPT
Then save the changes and enable the new rule by running this command:
sudo iptables-restore < /etc/iptables/rules.v4
Check if the rule is added successfully by running this command:
sudo iptables -L INPUT
You should see output like this:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:2377
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited
And voila! You should now be able to join the Swarm successfully. 🎉🎉🎉
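The edit in step 2 only takes effect if the new line sits above the REJECT rule. As an added example (not from the original post), this script inserts the rule into an iptables-save style file ahead of the first INPUT REJECT line and checks the ordering; the function names, the optional source CIDR argument, and the 10.0.0.0/24 worker subnet in the sample are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# add_swarm_rule FILE [SOURCE_CIDR]  (hypothetical helper; SOURCE_CIDR limits who may reach 2377)
add_swarm_rule() {
    file=$1
    src=${2:-}
    rule="-A INPUT -p tcp -m state --state NEW -m tcp --dport 2377 -j ACCEPT"
    if [ -n "$src" ]; then
        rule="-A INPUT -s $src -p tcp -m state --state NEW -m tcp --dport 2377 -j ACCEPT"
    fi
    # Idempotent: leave the file alone if an ACCEPT for dport 2377 already exists.
    if grep -Eq -- '^-A INPUT .*--dport 2377 .*-j ACCEPT' "$file"; then
        return 0
    fi
    # Without an INPUT REJECT rule there is nothing to place the rule in front of.
    if ! grep -Eq -- '^-A INPUT .*-j REJECT' "$file"; then
        echo "no INPUT REJECT rule found in $file" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    # Print the new rule once, immediately before the first INPUT REJECT line.
    awk -v rule="$rule" '
        !done && /^-A INPUT .*-j REJECT/ { print rule; done = 1 }
        { print }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    status=$?
    rm -f "$tmp"
    return $status
}

# rule_before_reject FILE: succeeds only when the 2377 ACCEPT precedes the REJECT.
rule_before_reject() {
    awk '
        /^-A INPUT .*--dport 2377 .*-j ACCEPT/ && !a { a = NR }
        /^-A INPUT .*-j REJECT/ && !r { r = NR }
        END { exit !(a && r && a < r) }
    ' "$1"
}

# Demo on a constructed rules file (sample data, not taken from a real host).
demo=$(mktemp)
printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
    '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
    '-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT' \
    '-A INPUT -j REJECT --reject-with icmp-host-prohibited' 'COMMIT' > "$demo"
add_swarm_rule "$demo" 10.0.0.0/24 && rule_before_reject "$demo" && cat "$demo"
rm -f "$demo"
```

Run it against a copy of /etc/iptables/rules.v4 first; `iptables-restore --test` parses a rules file without committing it.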
3. Other commands that you can use to troubleshoot the issue
Just in case you run into any more issues, we’ve got some extra commands you can use to help you troubleshoot the problem:
- Check if the port is listening on your manager node
netstat -tuplen
- Check if the port is open from your worker node
telnet <manager node IP> 2377
- Make sure that the Swarm Manager advertise address can be reached from the worker node. In this case, it’s 132.12.23.123.
In conclusion, OCI has many security features that you need to be aware of. And it’s not easy to troubleshoot the issue if you are not familiar with the platform.