You will find below the resultat of netstat running on my node leader
docker@node-leader:~$ netstat -tunap
netstat: can't scan /proc - are you root?
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 192.168.99.101:44014 192.168.99.103:7946 TIME_WAIT -
tcp 0 0 192.168.99.101:22 192.168.99.1:49858 ESTABLISHED-
tcp 0 0 192.168.99.101:45382 192.168.99.101:2377 ESTABLISHED-
tcp 0 0 10.0.2.15:22 10.0.2.2:64384 ESTABLISHED-
tcp 0 0 192.168.99.101:44650 192.168.99.102:7946 TIME_WAIT-
tcp 0 0 192.168.99.101:44648 192.168.99.102:7946 TIME_WAIT-
tcp 0 0 192.168.99.101:44010 192.168.99.103:7946 TIME_WAIT-
tcp 0 0 :::2376 :::* LISTEN-
tcp 0 0 :::2377 :::* LISTEN-
tcp 0 0 :::7946 :::* LISTEN-
tcp 0 0 :::8080 :::* LISTEN-
tcp 0 0 :::8081 :::* LISTEN-
tcp 0 0 :::22 :::* LISTEN-
tcp 0 0 ::ffff:192.168.99.101:2377 ::ffff:192.168.99.103:33590 ESTABLISHED -
tcp 0 0 ::ffff:192.168.99.101:2377 ::ffff:192.168.99.102:51168 ESTABLISHED -
tcp 0 0 ::ffff:192.168.99.101:2377 ::ffff:192.168.99.101:45382 ESTABLISHED -
tcp 0 0 ::ffff:192.168.99.101:7946 ::ffff:192.168.99.102:36162 TIME_WAIT -
udp 0 0 0.0.0.0:4789 0.0.0.0:*-
udp 0 0 :::7946 :::*-
We can look that port 3003 is not open.
I performed a docker inspect.
We can find tha port section is not present
docker@node-leader:~$ docker service inspect aerospike_aerospikedb
[
{
"ID": "it05qt15ut2kf50w68mp9yio5",
"Version": {
"Index": 327
},
"CreatedAt": "2018-07-04T19:06:04.793071341Z",
"UpdatedAt": "2018-07-06T11:04:58.73011964Z",
"Spec": {
"Name": "aerospike_aerospikedb",
"Labels": {
"com.docker.stack.image": "aerospike/aerospike-server:latest",
"com.docker.stack.namespace": "aerospike"
},
"TaskTemplate": {
"ContainerSpec": {
"Image": "aerospike/aerospike-server:latest@sha256:bda87b8948823a3e921688f24c15a385b351dc7855e258a5bc4a85c01a3f0075",
"Labels": {
"com.aerospike.description": "This label is for all containers for the Aerospike service",
"com.docker.stack.namespace": "aerospike"
},
"Args": [
"--config-file",
"/run/secrets/aerospike.conf"
],
"Privileges": {
"CredentialSpec": null,
"SELinuxContext": null
},
"StopGracePeriod": 10000000000,
"DNSConfig": {},
"Secrets": [
{
"File": {
"Name": "aerospike.conf",
"UID": "0",
"GID": "0",
"Mode": 288
},
"SecretID": "xqk8ru7dvj6i9nww2ehu10qr7",
"SecretName": "aerospike_conffile"
}
],
"Isolation": "default"
},
"Resources": {},
"RestartPolicy": {
"Condition": "any",
"Delay": 5000000000,
"MaxAttempts": 0
},
"Placement": {
"Constraints": [
"node.role == worker"
],
"Platforms": [
{
"Architecture": "amd64",
"OS": "linux"
}
]
},
"Networks": [
{
"Target": "u8uoqywqz5p3zjshvp8pyym6a",
"Aliases": [
"aerospikedb"
]
}
],
"ForceUpdate": 1,
"Runtime": "container"
},
"Mode": {
"Replicated": {
"Replicas": 4
}
},
"UpdateConfig": {
"Parallelism": 1,
"FailureAction": "pause",
"Monitor": 5000000000,
"MaxFailureRatio": 0,
"Order": "stop-first"
},
"RollbackConfig": {
"Parallelism": 1,
"FailureAction": "pause",
"Monitor": 5000000000,
"MaxFailureRatio": 0,
"Order": "stop-first"
},
"EndpointSpec": {
"Mode": "dnsrr"
}
}
}
]
I execute this command found in this page :
docker@node-leader:~$ docker service update --publish-add 3003:3000 aerospike_aerospikedb
Error response from daemon: rpc error: code = InvalidArgument desc = EndpointSpec: port published with ingres
mode can't be used with dnsrr mode
But i think as indicated on this dockers’s schema when EndpointSpec with dnsrr the port transfert must be done by a proxy / LB
I found in this page the utilisation of HAPROXY in front
I’m going to test in opening 3000 port on a dedicaded node