Cluster Phoenix with Docker

I have an issue to make communicate the both servers. When I run the configuration without SSL into my mac without docker everything work (I just need to change the node host for @172.0.0.1).
When I publish on my servers AWS with the configuration below, the both server and the load balancer run perfectly. I can access to my site in SSL, use the API and connected in WebSocket. And the both are been using by the LB, but they are not communicating with each other. After checking on AWS with the security run the both servers can ping each other… Can you help me to see what I’m missing…

server ip:
-> prod01 : 172.31.56.165
-> prod02 : 172.31.12.9

pings

[ec2-user@prod01 ~]$ ping 172.31.12.9
PING 172.31.12.9 (172.31.12.9) 56(84) bytes of data.
64 bytes from 172.31.12.9: icmp_seq=1 ttl=255 time=0.614 ms
64 bytes from 172.31.12.9: icmp_seq=2 ttl=255 time=0.729 ms
[ec2-user@prod02 ~]$ ping 172.31.56.165
PING 172.31.56.165 (172.31.56.165) 56(84) bytes of data.
64 bytes from 172.31.56.165: icmp_seq=1 ttl=255 time=0.770 ms
64 bytes from 172.31.56.165: icmp_seq=2 ttl=255 time=0.724 ms

prod without ssl:

config :myapp_phoenix, MyAppPhoenix.Endpoint,
  http: [port: {:system, "PORT"}],
  url: [host: [{:system, "HOST"}], port: {:system, "PORT"}],
  check_origin: false,
  version: Mix.Project.config[:version],
  cache_static_manifest: "priv/static/manifest.json",
  # You will also need to set the application root to `.` in order
  # for the new static assets to be served after a hot upgrade:
  root: ".",
  # Alternatively, you can configure exactly which server to
  # start per endpoint:
  server: true

config :phoenix, :serve_endpoints, true

config :kernel,
  sync_nodes_optional: [:'prod01@172.31.56.165', :'prod02@172.31.12.9'],
  sync_nodes_timeout: 5000

config :phoenix, :serve_endpoints, true

import_config "prod.secret.exs"

prod with ssl:

config :myapp_phoenix, MyAppPhoenix.Endpoint,
  url: [host: {:system, "HOST"}],
  cache_static_manifest: "priv/static/manifest.json",
  https: [port: {:system, "PORT_SSL"},
          otp_app: :myapp_phoenix,
          keyfile: "priv/ssl/myapp.key",
          certfile: "priv/ssl/myapp.crt"
          ],
  version: Mix.Project.config[:version],
  check_origin: ["//www.myapp.co:443"],
  # You will also need to set the application root to `.` in order
  # for the new static assets to be served after a hot upgrade:
  root: ".",
  # Alternatively, you can configure exactly which server to
  # start per endpoint:
  server: true

config :phoenix, :serve_endpoints, true

## Cluster Connection
config :kernel,
   sync_nodes_optional: [:'prod01@172.31.56.165', :'prod02@172.31.12.9'],
   sync_nodes_timeout: 5000

import_config "prod.secret.exs"

conf vm.args for the both:

-name ${NODE_NAME}
-kernel inet_dist_listen_min 9100 inet_dist_listen_max 9155

## Cookie for distributed erlang
-setcookie very_very_long_code

## Heartbeat management; auto-restarts VM if it dies or becomes unresponsive
## (Disabled by default..use with caution!)
##-heart

## Enable kernel poll and a few async threads
##+K true
##+A 5

## Increase number of concurrent ports/sockets
##-env ERL_MAX_PORTS 4096

## Tweak GC to run more often
##-env ERL_FULLSWEEP_AFTER 10

# Enable SMP automatically based on availability
-smp auto

rel config.exs for the both:

Path.join(["rel", "plugins", "*.exs"])
|> Path.wildcard()
|> Enum.map(&Code.eval_file(&1))

use Mix.Releases.Config,
    # This sets the default release built by `mix release`
    default_release: :default,
    # This sets the default environment used by `mix release`
    default_environment: Mix.env()

# For a full list of config options for both releases
# and environments, visit https://hexdocs.pm/distillery/configuration.html


# You may define one or more environments in this file,
# an environment's settings will override those of a release
# when building in that environment, this combination of release
# and environment configuration is called a profile

environment :dev do
  set dev_mode: true
  set include_erts: false
  set cookie: :"very_very_long_code_for dev"
end

environment :prod do
  set include_erts: true
  set include_src: false
  # If you change the cookie do not forgot to update it into `vm.args` file
  set cookie: :"very_very_long_code"
  # Add some conf into `vm.args`
  set vm_args: "vm.args"
end

# You may define one or more releases in this file.
# If you have not set a default release, or selected one
# when running `mix release`, the first release in the file
# will be used by default

release :myapp_phoenix do
  set version: current_version(:myapp_phoenix)
end

How I build my project with docker

MIX_ENV=prod mix do phoenix.digest, release --env=prod

start with docker into prod01:

HOST=172.31.56.165 PORT_SSL=4000 REPLACE_OS_VARS=true NODE_NAME=prod01@172.31.56.165 _build/prod/rel/myapp_phoenix/bin/myapp_phoenix foreground

start with docker into prod02:

HOST=172.31.12.9 PORT_SSL=4000 REPLACE_OS_VARS=true NODE_NAME=prod02@172.31.12.9 _build/prod/rel/myapp_phoenix/bin/myapp_phoenix foreground
1 Like

Does your firewall allow connections from port 9000 and above?

Also what error messages are in the logs when trying to connect?

The rule set on AWS is to allow all type of connection so i supose this allow all ports too.

The actual log does not show any error.
I will try to set the log to debug to see it i can get more info…

I’m sure when you deploy with Elastic Beanstalk it opens just ONE port on your choice to access docker container. For example 8080. I’m pretty sure the same goes with ECS. If I’m wrong please let me know because I’m also going to link nodes in a cluster in the next few days.

Oh, its docker? I missread that one!

Please make sure that all ports used for external communication to accept connections are EXPOSED from your Dockerfile and also published by docker when starting the container and you are mapping them correctly.

This is what I’m talking about. EB on AWS is accepting only the first port in the EXPOSED list. You can expose even 65K ports but it will use the first one.

Thanks for your help, here the solution.

when Erlang start to connect to another node it will use the port 4369. So you need to add into your Dockerfile EXPOSE 4369

Also into my vm.args I added the kernet can connect between the ports 9100 to 9155. So again add those into your Dockerfile EXPOSE 9100-9155

Finally do not forget when you start your Docker to add those ports as well

docker run -d \
...
-p 4369:4369 \
-p 9100-9155:9100-9155 \
...

I found this link very interesting

PS: You can use this command line to know which ports are used by your project

~$ epmd -names
epmd: up and running on port 4369 with data:
name prod01 at port 9100
4 Likes