Search code examples
dockerdocker-composesalt-project

Setting up salt-master in Docker container: The ports are not available to bind error

I'm setting up a salt-master to run in a Docker container. I'm using docker-compose to build and run the container. When I start the container I get:

salt_master       | [WARNING ] Unable to bind socket, error: [Errno 99] Cannot assign requested address
salt_master       | The ports are not available to bind
salt_master exited with code 4

– Any idea why this port cannot be bound, and how can I fix this?

I'm setting the following to /etc/salt/master:

interface: 192.168.99.100

...since this is the IP of my docker-machine (I'm running Docker Toolbox on OS X):

docker-machine ip default
> 192.168.99.100

Contents of my Dockerfile:

FROM centos:7

RUN rpm --import https://repo.saltstack.com/yum/redhat/7/x86_64/latest/SALTSTACK-GPG-KEY.pub

RUN touch /etc/yum.repos.d/saltstack.repo
RUN echo "[saltstack-repo]" >> /etc/yum.repos.d/saltstack.repo
RUN echo "name=SaltStack repo for RHEL/CentOS \$releasever" >> /etc/yum.repos.d/saltstack.repo
RUN echo "baseurl=https://repo.saltstack.com/yum/redhat/\$releasever/\$basearch/latest" >> /etc/yum.repos.d/saltstack.repo
RUN echo "enabled=1" >> /etc/yum.repos.d/saltstack.repo
RUN echo "gpgcheck=1" >> /etc/yum.repos.d/saltstack.repo
RUN echo "gpgkey=https://repo.saltstack.com/yum/redhat/\$releasever/\$basearch/latest/SALTSTACK-GPG-KEY.pub" >> /etc/yum.repos.d/saltstack.repo

RUN yum clean expire-cache
RUN yum update -y

RUN yum install -y virt-what
RUN yum install -y salt-master salt-minion salt-ssh salt-syndic salt-cloud


EXPOSE 4505
EXPOSE 4506

Contents of docker-compose.yml

image:  
  build: salt
  container_name: salt_master_image

master:
  image: saltmaster_image
  container_name: salt_master
  hostname: salt-master
  ports:
    - "4505:4505"
    - "4506:4506"
  volumes:
    - ./salt/assets/etc/salt:/etc/salt
    - ./salt/assets/var/cache/salt:/var/cache/salt
    - ./salt/assets/var/logs/salt:/var/logs/salt
    - ./salt/assets/srv/salt:/srv/salt
  command: /usr/bin/salt-master --log-file=/var/logs/salt/salt-master.log --log-file-level=debug

In order to build and run I execute:

docker-compose build
docker-compose up

If I leave out interface: 192.168.99.100 from /etc/salt/master, I don't get these errors. But then the log says Starting the Salt Publisher on tcp://0.0.0.0:4505 which is not what I want.

Solution

  • The container's IP address is not 192.168.99.100. This is the IP address of the Docker host.

    The IP address of the container can be obtained by inspecting the running container: docker inspect salt_master | grep IPAddress. This reveals that the IP address of the container can be e.g. 172.17.0.2.

    When defining interface 172.17.0.2 in /etc/salt/master, the service starts up without errors and the following can be found in the log:

    Starting the Salt Publisher on tcp://172.17.0.2:4505

    Since port 4505 was mapped to the Docker host, this service can now be reached through 192.168.99.100:4505, which means that salt-minions should be able to contact the salt-master via this address, by setting master: 192.168.99.100 in /etc/salt/minion on the minions.

    EDIT: Since the container's IP address is bound to change, it's not safe to assume it's IP address will always be e.g. 172.17.0.2. Instead, it would be better, per @Phani's suggestion, to use interface: 172.0.0.1 instead. – turns out this doesn't work, instead use interface: 0.0.0.0.