For some background, I am a Linux system admin who is new to the Docker container world and I am not well-versed in building and using Docker images. Various dev teams in my company are interested in devops and microservices architecture and we are in the planning stage to determine what tools we want to adopt and what our ecosystem should look like. After using Vagrant for a few years, I have been impressed and drawn to the HashiCorp tools and am currently learning and setting up a Nomad/Consul demo environment in the rackspace.com cloud to showcase some of the features and functionality.
After getting past a few hurdles with how nomad and consul integrate, I have a working 5-node cluster with 3 nomad/consul servers (installed side-by-side) and 2 nomad docker clients/consul agents. I am running iptables (below) on all the nodes, have opened the dynamic ports (20000-60000) on my docker client and can see docker dynamically updating iptables when containers are deployed. The nomad (init) redis example job schedules properly across the nomad docker clients using dynamic ports and the services get registered in consul as expected. I am not familiar with redis, so accessing and demoing the service externally isn't very useful for me. I set up an example apache job (below), trying a few different apache containers from Docker Hub, but I have not been able to reach the apache service via a URL.
1) Can anyone share a simple and generic apache or tomcat nomad HCL (and perhaps a JSON) job with instructions on how the service would be reached from a browser? I see the docker container running on the dynamic port 46665 and tried to reach it via http:<nomad_client_ip>:46665 without any luck.
2) Is there a simple way to convert HCL into a working JSON config to be used via the API?
My example job, most of which is pieced together from the sparse examples I have been able to find:

job "app1" {
  # Job should run in the US region
  region = "dfw"
  # Spread tasks between us-west-1 and us-east-1
  datacenters = ["rackspace-DFW"]
  # run this job globally
  #type = "system"
  # Rolling updates should be sequential
  update {
    stagger = "30s"
    max_parallel = 1
  }
  group "web" {
    # We want 5 web servers
    count = 5
    # Create a web front end using a docker image
    task "apache" {
      driver = "docker"
      config {
        image = "eboraas/apache"
      }
      service {
        port = "http"
        check {
          type = "http"
          path = "/var/www/html"
          interval = "10s"
          timeout = "2s"
        }
      }
      resources {
        cpu = 128
        memory = 128
        network {
          mbits = 100
          # Request for a dynamic port
          port "http" {
          }
        }
      }
    }
  }
}

Here is my iptables config on my nomad client:

# iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
42250 186M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
5 465 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
1934 116K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4646 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4647 state NEW,ESTABLISHED
140 8400 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8301 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8302 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8400 state NEW,ESTABLISHED
0 0 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:8400 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8500 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8600 state NEW,ESTABLISHED
0 0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 multiport dports 20000:60000
44 2723 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
153 8940 DOCKER all -- * docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- * docker0 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
139 9981 ACCEPT all -- docker0 !docker0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- docker0 docker0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 166 packets, 22562 bytes)
pkts bytes target prot opt in out source destination
Chain DOCKER (1 references)
pkts bytes target prot opt in out source destination
135 8028 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.4 tcp dpt:6379
0 0 ACCEPT udp -- !docker0 docker0 0.0.0.0/0 172.17.0.4 udp dpt:6379
0 0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.5 tcp dpt:46665
0 0 ACCEPT udp -- !docker0 docker0 0.0.0.0/0 172.17.0.5 udp dpt:46665
0 0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.6 tcp dpt:43677
0 0 ACCEPT udp -- !docker0 docker0 0.0.0.0/0 172.17.0.6 udp dpt:43677
0 0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.7 tcp dpt:46628
0 0 ACCEPT udp -- !docker0 docker0 0.0.0.0/0 172.17.0.7 udp dpt:46628
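
An added example, not part of the original post: a small Python reader for an `iptables -L -v -n` listing like the one above, reporting which container address and port each DOCKER-chain rule forwards to (with its packet counter) and which INPUT rules open a wide port range to any source. It assumes the filter-table DOCKER chain matches after DNAT, so the `dpt` shown is the port inside the container; the function names and the sample listing are constructed for illustration.

```python
import re

# Constructed sample in `iptables -L -v -n` format (addresses, ports, counters made up).
SAMPLE = """\
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 ctstate NEW tcp dpt:22
    0     0 ACCEPT tcp -- eth1 * 0.0.0.0/0 0.0.0.0/0 multiport dports 20000:60000
Chain DOCKER (1 references)
 pkts bytes target prot opt in out source destination
  135  8028 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.4 tcp dpt:6379
    0     0 ACCEPT tcp -- !docker0 docker0 0.0.0.0/0 172.17.0.5 tcp dpt:31000
"""

def parse_chains(listing):
    """Return {chain: [rule, ...]}; assumes every rule line has a target column."""
    chains, rules = {}, None
    for line in listing.splitlines():
        f = line.split()
        if f and f[0] == "Chain":
            rules = chains.setdefault(f[1], [])
        elif len(f) >= 9 and f[0] != "pkts" and rules is not None:
            rules.append({"pkts": f[0], "target": f[2], "prot": f[3], "in": f[5],
                          "src": f[7], "dst": f[8], "match": " ".join(f[9:])})
    return chains

def docker_forwards(chains):
    """(container_ip, proto, container_port, packet_counter) per DOCKER ACCEPT rule."""
    found = []
    for r in chains.get("DOCKER", []):
        m = re.search(r"dpt:(\d+)", r["match"])
        if r["target"] == "ACCEPT" and m:
            found.append((r["dst"], r["prot"], int(m.group(1)), r["pkts"]))
    return found

def wide_open_ranges(chains, max_ports=1024):
    """INPUT ACCEPT rules from any source that open more than max_ports ports."""
    found = []
    for r in chains.get("INPUT", []):
        m = re.search(r"(?:dports |dpts:)(\d+):(\d+)", r["match"])
        if m and r["target"] == "ACCEPT" and r["src"] == "0.0.0.0/0":
            lo, hi = int(m.group(1)), int(m.group(2))
            if hi - lo + 1 > max_ports:
                found.append((r["in"], r["prot"], lo, hi))
    return found

if __name__ == "__main__":
    chains = parse_chains(SAMPLE)
    print(docker_forwards(chains), wide_open_ranges(chains))
```

A DOCKER rule whose `dpt` differs from the port the process inside the container listens on means the published port is forwarded to a port nothing answers on, and a packet counter of 0 means no traffic has matched that rule yet.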