docker
Docker stack deploy with network host fails yaml validation on docker for windows
Description
I am trying to deploy a stack with a service using network host because this service needs to do a multicast.
As stated in the docs (https://docs.docker.com/compose/compose-file/#host-or-none) I declared an external netowrk called host and use that network in my service. This works perfectly fine on linux with docker 17.12.0-ce (or 17.12.1-ce or any other version I tested) however on docker for widnows with version 17.12.0 I get:
network "host" is declared as external, but it is not in the right scope: "local" instead of "swarm"
Steps to reproduce the issue:
- Create a stack with network
networks:
hostnet:
external:
name: host
- Declare a service using said network:
example-service:
image: hello-world
networks:
- hostnet
- deploy the stack
Describe the results you received:
network "host" is declared as external, but it is not in the right scope: "local" instead of "swarm"
Describe the results you expected: Stack is successfully deployed
Additional information you deem important (e.g. issue happens only occasionally):
When calling docker stack deploy from within a container running 17.10 which has the docker socket mounted the behaviour is as desired.
Output of docker version:
Version: 17.12.0-ce API version: 1.35 Go version: go1.9.2 Git commit: c97c6d6 Built: Wed Dec 27 20:05:22 2017 OS/Arch: windows/amd64 Server: Engine: Version: 17.12.0-ce API version: 1.35 (minimum version 1.12) Go version: go1.9.2 Git commit: c97c6d6 Built: Wed Dec 27 20:12:29 2017 OS/Arch: linux/amd64 Experimental: false
Output of docker info:
Containers: 43 Running: 22 Paused: 0 Stopped: 21 Images: 20 Server Version: 17.12.0-ce Storage Driver: overlay2 Backing Filesystem: extfs Supports d_type: true Native Overlay Diff: true Logging Driver: json-file Cgroup Driver: cgroupfs Plugins: Volume: local Network: bridge host macvlan null overlay Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog Swarm: active NodeID: lcayhpu052oheu67v8z4kq5z9 Is Manager: true ClusterID: quho6g21euunnxpkcqc41bpbj Managers: 1 Nodes: 1 Orchestration: Task History Retention Limit: 5 Raft: Snapshot Interval: 10000 Number of Old Snapshots to Retain: 0 Heartbeat Tick: 1 Election Tick: 3 Dispatcher: Heartbeat Period: 5 seconds CA Configuration: Expiry Duration: 3 months Force Rotate: 0 Autolock Managers: false Root Rotation In Progress: false Node Address: 192.168.65.3 Manager Addresses: 192.168.65.3:2377 Runtimes: runc Default Runtime: runc Init Binary: docker-init containerd version: 89623f28b87a6004d4b785663257362d1658a729 runc version: b2567b37d7b75eb4cf325b77297b140ea686ce8f init version: 949e6fa Security Options: seccomp Profile: default Kernel Version: 4.9.60-linuxkit-aufs Operating System: Docker for Windows OSType: linux Architecture: x86_64 CPUs: 2 Total Memory: 1.934GiB Name: linuxkit-00155d087104 ID: YSPZ:2MRF:HAXW:KTZA:WCKX:NSTV:B4G3:CMC2:ZIH6:WA4B:K5DE:TFYL Docker Root Dir: /var/lib/docker Debug Mode (client): false Debug Mode (server): true File Descriptors: 171 Goroutines: 346 System Time: 2018-03-19T15:15:38.913833Z EventsListeners: 16 Registry: https://index.docker.io/v1/ Labels: Experimental: false Insecure Registries: 127.0.0.0/8 Live Restore Enabled: false
This is because the network name check is being done client side, and the client in this case is windows, so it's not recognizing the host network as a non-user defined network.
cc @vdemeester I believe you noticed this issue recently as well.
I believe the following PR (in moby) fixes it https://github.com/moby/moby/pull/36316 It should be in 18.03 GA I think
This issue is windows specific and does not affect linux with the exact same version. 36316 seems to fix something general though which affects linux too. I don't know why windows and linux clients behave differently on exactly the same version but this from my point of view is a critical issue. Not only can't I trust that an application on docker for windows will run as well as on native linux, now i can't even be sure that my stack file will be accepted by any system running the same version.
What about labelling it a bug?
I updated to the new 18.03 GA on windows and still get:
network "host" is declared as external, but it is not in the right scope: "local" instead of "swarm"
The same "local" instead of "swarm" ...
Server Version: 18.03.1-ce
I have this issue on Docker version 19.03.5
running:
env $(cat .env |grep ^[A-Z] | xargs) docker stack deploy --compose-file docker-compose.stack.yaml backend
docker-stack.yaml
version: "3.4"
services:
api:
image: 'backend:b64b003'
networks:
- private
- public
ports:
- "4443:443"
- "8088:80"
environment:
ASPNETCORE_URLS: 'https://+;http://+'
ASPNETCORE_HTTPS_PORT: 443
ASPNETCORE_Kestrel__Certificates__Default__Password: ""
phpmyadmin:
#depends_on:
image: phpmyadmin/phpmyadmin
restart: always
networks:
- private
ports:
- '13306:80'
environment:
PMA_HOST: localhost
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
PMA_ABSOLUTE_URI: ${PMA_ABSOLUTE_URI}
PMA_SOCKET: /var/run/mysqld/mysqld.sock
volumes:
- /var/run/mysqld/mysqld.sock:/var/run/mysqld/mysqld.sock
- /var/run/mysqld/mysqld.sock:/tmp/mysqld.sock
volumes:
backend-api-https-pfx-volume:
elastic_data:
kibana_log:
portainer_data:
networks:
public:
driver: overlay
private:
driver: bridge
