Skip to content

feat(swarm): constrain core services to initial installation node #155

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Schreini wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(swarm): constrain core services to initial installation node #155

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 9 additions & 4 deletions apps/website/public/install.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -238,9 +238,14 @@ install_dokploy() {

echo "Generated secure database credentials (stored in Docker Secrets)"

# Add label to current node so we can constrain our services to this node
docker node update \
--label-add role=dokploy-main \
$(hostname)
Comment on lines +241 to +244
Copy link

@greptile-apps greptile-apps bot Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Missing error check on docker node update

If docker node update fails (e.g. because the Swarm node name doesn't match the system hostname), the script will continue and create all three services with the constraint node.labels.role==dokploy-main. Since no node will carry that label, every service will remain permanently in a pending/unschedulable state and Dokploy will never start — with no error message from the install script.

Add an explicit failure check so the script aborts early if labelling fails:

Suggested change
# Add label to current node so we can constrain our services to this node
docker node update \
--label-add role=dokploy-main \
$(hostname)
# Add label to current node so we can constrain our services to this node
docker node update \
--label-add role=dokploy-main \
"$(hostname)" || { echo "Error: Failed to label Swarm node '$(hostname)'. Aborting." >&2; exit 1; }

Comment on lines +241 to +244
Copy link

@greptile-apps greptile-apps bot Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Prefer node ID over hostname for reliability

docker node update accepts a node name, node ID, or unique ID prefix. The Swarm node name defaults to the hostname at swarm init time, but using $(docker info --format '{{.Swarm.NodeID}}') directly retrieves the canonical node ID from Docker itself, making the label step immune to any mismatch between the OS hostname and the registered Swarm node name.

Suggested change
# Add label to current node so we can constrain our services to this node
docker node update \
--label-add role=dokploy-main \
$(hostname)
NODE_ID=$(docker info --format '{{.Swarm.NodeID}}')
docker node update \
--label-add role=dokploy-main \
"$NODE_ID" || { echo "Error: Failed to label Swarm node. Aborting." >&2; exit 1; }


docker service create \
--name dokploy-postgres \
--constraint 'node.role==manager' \
--constraint 'node.labels.role==dokploy-main' \
--network dokploy-network \
--env POSTGRES_USER=dokploy \
--env POSTGRES_DB=dokploy \
Expand All @@ -252,7 +257,7 @@ install_dokploy() {

docker service create \
--name dokploy-redis \
--constraint 'node.role==manager' \
--constraint 'node.labels.role==dokploy-main' \
--network dokploy-network \
--mount type=volume,source=dokploy-redis,target=/data \
$endpoint_mode \
Expand Down Expand Up @@ -280,7 +285,7 @@ install_dokploy() {
--publish published=3000,target=3000,mode=host \
--update-parallelism 1 \
--update-order stop-first \
--constraint 'node.role == manager' \
--constraint 'node.labels.role==dokploy-main' \
$endpoint_mode \
$release_tag_env \
-e ADVERTISE_ADDR=$advertise_addr \
Expand All @@ -306,7 +311,7 @@ install_dokploy() {
# Optional: Use docker service create instead of docker run
# docker service create \
# --name dokploy-traefik \
# --constraint 'node.role==manager' \
# --constraint 'node.labels.role==dokploy-main' \
# --network dokploy-network \
# --mount type=bind,source=/etc/dokploy/traefik/traefik.yml,target=/etc/traefik/traefik.yml \
# --mount type=bind,source=/etc/dokploy/traefik/dynamic,target=/etc/dokploy/traefik/dynamic \
Expand Down