agent refuses to start when network_mode is host

Open Smartype opened this issue 5 years ago • 7 comments

Run the Portainer Agent in host network mode. It fails to start. Checking the code, I found that it tries to get its container IP address from the container hostname; when it fails to get the IP, it quits.

Question: is this the expected behaviour? I am not a guru on Portainer agent, so I do not know if it's possible to work in host network mode.

[root@localhost portainer-agent]# docker-compose up
Recreating portainer_agent ... done
Attaching to portainer_agent
portainer_agent    | 2019/12/23 15:16:55 [DEBUG] [main,configuration] [Member tags: map[AgentPort:9001 EngineStatus:standalone NodeName:localhost.localdomain]]
portainer_agent    | 2019/12/23 15:16:55 [ERROR] [main,docker] [message: Unable to retrieve local agent IP address] [error: Error: No such container: localhost.localdomain]
portainer_agent exited with code 1

Smartype avatar Dec 23 '19 15:12 Smartype

Here is compose file:

version: '3'

services:

        portainer_agent:
                image: 'portainer/agent'

                container_name: 'portainer_agent'

                network_mode: host

                volumes:
                        - /var/run/docker.sock:/var/run/docker.sock
                        - /var/lib/docker/volumes:/var/lib/docker/volumes
                        - /:/host
                        - ./data:/data

                environment:
                        - EDGE_INSECURE_POLL=1
                        - EDGE=1
                        - EDGE_ID=XX
                        - EDGE_KEY=XX
                        - CAP_HOST_MANAGEMENT=1
                        - LOG_LEVEL=debug

Smartype avatar Dec 23 '19 15:12 Smartype

Yes, the agent is not designed to run in host network mode. Any particular reason why you need to run it in this mode?

deviantony avatar Jan 08 '20 20:01 deviantony

Is it a big deal to allow host-mode? I'd prefer this mode since it's simpler and more direct than overlay networking. It seems from the code it doesn't work because the hostname is not useful as a container name in a lookup that's just trying to get a routable private IP address for the agent to advertise?

	containerName, err := os.GetHostName()
	if err != nil {
		log.Fatalf("[ERROR] [main,os] [message: Unable to retrieve container name] [error: %s]", err)
	}

	advertiseAddr, err := infoService.GetContainerIpFromDockerEngine(containerName)
	if err != nil {
		log.Fatalf("[ERROR] [main,docker] [message: Unable to retrieve local agent IP address] [error: %s]", err)
	}

andybrown668 avatar Mar 08 '20 12:03 andybrown668

@andybrown668 the agent was originally created to enhance the Swarm experience and as such was designed to run inside an overlay network.

You're correct about the container name and lookup process. I don't see this as a big deal, feel free to contribute and add support for host mode.

deviantony avatar Mar 08 '20 21:03 deviantony
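
The lookup failure discussed above, with one possible host-mode fallback, as an added example (not the Portainer agent's code and not the PR mentioned in this thread). `lookupFunc`, `resolveAdvertiseAddr`, `firstPrivateIPv4` and the `override` setting are hypothetical names; the stub lookup is constructed to reproduce the error from the log.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// lookupFunc stands in for the agent's container-IP lookup (hypothetical signature).
type lookupFunc func(containerName string) (string, error)

// firstPrivateIPv4 returns the first RFC 1918 IPv4 address in addrs,
// skipping loopback, link-local and public addresses.
func firstPrivateIPv4(addrs []net.Addr) (string, error) {
	for _, a := range addrs {
		ipnet, ok := a.(*net.IPNet)
		if !ok {
			continue
		}
		if ip := ipnet.IP.To4(); ip != nil && ip.IsPrivate() {
			return ip.String(), nil
		}
	}
	return "", errors.New("no private IPv4 address on host interfaces")
}

// resolveAdvertiseAddr picks the address to advertise: an explicit override
// (hypothetical setting) wins, then the container lookup, then host interfaces.
func resolveAdvertiseAddr(override, hostname string, lookup lookupFunc, hostAddrs []net.Addr) (string, error) {
	if override != "" {
		if ip := net.ParseIP(override); ip != nil {
			return ip.String(), nil
		}
		return "", fmt.Errorf("invalid advertise address %q", override)
	}
	if ip, err := lookup(hostname); err == nil && ip != "" {
		return ip, nil
	}
	// Host network mode: the hostname is the host's, not a container name.
	return firstPrivateIPv4(hostAddrs)
}

func main() {
	// Constructed stub reproducing the failure in the log above.
	lookup := func(name string) (string, error) {
		return "", fmt.Errorf("Error: No such container: %s", name)
	}
	addrs, _ := net.InterfaceAddrs()
	addr, err := resolveAdvertiseAddr("", "localhost.localdomain", lookup, addrs)
	fmt.Println(addr, err)
}
```

On a Docker host the first private address found may belong to a Docker bridge rather than the LAN, which is why the explicit override is checked first.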

I'm almost ready to give you a PR for host-mode but I noticed a behavior that I think would be the same without my changes - if an agent becomes isolated from the rest of the cluster they eventually forget about it, and it forgets about them. Did I miss something in the agent code that periodically looks again for other nodes through the tasks.agent swarm vip?

andybrown668 avatar Apr 02 '20 09:04 andybrown668

@andybrown668 you're right, the cluster join process is only triggered during startup. There is no reconciliation process at the moment and that's maybe something that we could investigate.

deviantony avatar Apr 03 '20 03:04 deviantony

@andybrown668 do you still have the PR? I also want to run portainer agent in host mode. Our bridge-mode containers are restricted from talking to any other systems as a security restriction. We don't have a swarm set-up, just regular docker.

c3c avatar May 15 '21 12:05 c3c