Tags: docker, docker-compose, dockerfile, docker-swarm

Docker-compose Error : cannot restrict inter-container communication


I am trying to run my application service using the docker stack deploy command. With this command I get the following error:

"starting container failed: error creating external connectivity network: cannot restrict inter-container communication: please ensure that br_netfilter kernel module is loaded"

The docker-compose file for my service is below; it contains only one service:

version: '3.1'

services:
  app_service:
    image: app-image:latest

But if I try to run this service simply using docker run app-image:latest, it runs correctly. What might be the issue here?

Following is the output of docker info:

Containers: 44
 Running: 0
 Paused: 0
 Stopped: 44
Images: 11
Server Version: 18.06.0-ce
Storage Driver: vfs
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: active
 NodeID: ifx6qbtt8ylkxqxgjbk67rc6e
 Is Manager: true
 ClusterID: p8s73udo6dq4ivm95frfrfb4f
 Managers: 1
 Nodes: 1
 Orchestration:
  Task History Retention Limit: 5
 Raft:
  Snapshot Interval: 10000
  Number of Old Snapshots to Retain: 0
  Heartbeat Tick: 1
  Election Tick: 10
 Dispatcher:
  Heartbeat Period: 5 seconds
 CA Configuration:
  Expiry Duration: 3 months
  Force Rotate: 0
 Autolock Managers: false
 Root Rotation In Progress: false
 Node Address: 10.10.140.7
 Manager Addresses:
  10.10.140.7:2377
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: d64c661f1d51c48782c9cec8fda7604785f93587
runc version: 69663f0bd4b60df09991c08812a60108003fa340
init version: fec3683
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.4.0-131-generic
Operating System: CentOS Linux 7 (Core)
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 8GiB
Name: RNI-PD-CT06
ID: UEG4:OVFJ:G55V:KIR4:QJD2:LQUJ:DVLQ:WKJY:AKQB:MKSO:Z4ZN:UF56
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): true
 File Descriptors: 38
 Goroutines: 161
 System Time: 2018-08-20T12:25:06.808731767Z
 EventsListeners: 0
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support
WARNING: bridge-nf-call-iptables is disabled
WARNING: bridge-nf-call-ip6tables is disabled

Solution

  • Per the WARNING message, bridge-nf-call-iptables is disabled; run the commands below to address that warning:

    sudo sysctl net.bridge.bridge-nf-call-iptables=1
    sudo sysctl net.bridge.bridge-nf-call-ip6tables=1
    

    Also, make sure the br_netfilter module is enabled. To do that, run the command below and make sure br_netfilter is listed in linux.kernel_modules:

    lxc profile show docker
    

    If it's not listed, copy all values listed in linux.kernel_modules and add ,br_netfilter to the end of the copied value, then put it all together in the command below in place of <[COPIED_LIST]>:

    lxc profile set docker linux.kernel_modules <[COPIED_LIST]>
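As an added example (not part of the answer above), the following POSIX shell script checks the two prerequisites the answer names, the br_netfilter module and the two bridge-nf-call sysctls, by reading /sys/module and /proc/sys, and builds the linux.kernel_modules value the answer describes without duplicating br_netfilter if it is already present. The function names and the optional root-directory argument are my own assumptions, added so the check can also be exercised against a constructed directory tree.

```shell
#!/bin/sh
# Added example: verify the kernel prerequisites Docker needs to restrict
# inter-container communication, and compute the LXC kernel_modules value.
# $1 is an optional base directory (default: the live host, i.e. "/"), an
# assumption of this example so the check can run against a fake tree.

# Returns 0 when br_netfilter is loaded and both bridge-nf-call sysctls are 1;
# otherwise prints one hint per missing prerequisite and returns 1.
check_bridge_netfilter() {
    base="${1:-}"
    missing=0
    if [ ! -d "$base/sys/module/br_netfilter" ]; then
        echo "br_netfilter module is not loaded (modprobe br_netfilter)"
        missing=1
    fi
    for v in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        f="$base/proc/sys/net/bridge/$v"
        if [ ! -r "$f" ] || [ "$(cat "$f" 2>/dev/null)" != "1" ]; then
            echo "net.bridge.$v is not 1 (sysctl net.bridge.$v=1)"
            missing=1
        fi
    done
    return $missing
}

# Given the comma-separated linux.kernel_modules value copied from
# `lxc profile show docker`, print it with br_netfilter appended (idempotent).
add_br_netfilter() {
    list="$1"
    case ",$list," in
        *,br_netfilter,*) echo "$list" ;;            # already present
        ,,)               echo "br_netfilter" ;;     # list was empty
        *)                echo "${list},br_netfilter" ;;
    esac
}

# When run directly, report the state of the live host.
if check_bridge_netfilter ""; then
    echo "bridge netfilter prerequisites are in place"
fi
```

The value printed by add_br_netfilter is what goes in place of <[COPIED_LIST]> in the lxc profile set command above.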