Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Error implementing PandoraFMS on Docker
#1
Hi,

I'm trying to implement PandoraFMS using Docker. I've opted for the advanced installation according to the manual because I want to make MySQL isolated on a separated network and I want to use two different containers for Console and Server due to security purposes. I'm trying to run the MySQL Docker image as follows:
docker run -idt --name PandoraFMS-MySQL --network PandoraFMS -v /mnt/pandorafms/mysql/var/lib/mysql:/var/lib/mysql -v /mnt/pandorafms/mysql/etc/mysql:/etc/mysql -e MYSQL_ROOT_PASSWORD=SomeGoodPassword -e MYSQL_DATABASE=pandora -e MYSQL_USER=pandora -e MYSQL_PASSWORD=SomeOtherGoodPassword pandorafms/pandorafms-mysql:6

But the lauch fail. Checking for the container log, I've got the following output:
MySQL init process failed.
2016-07-29 21:13:20 0 [Warning] TIMESTAMP with implicit DEFAULT value is deprecated. Please use --explicit_defaults_for_timestamp server option (see documentation for more details).
2016-07-29 21:13:20 0 [Note] mysqld (mysqld 5.6.29) starting as process 1 ...
2016-07-29 21:13:20 1 [ERROR] Fatal error: Please read "Security" section of the manual to find out how to run mysqld as root!

2016-07-29 21:13:20 1 [ERROR] Aborting

2016-07-29 21:13:20 1 [Note] Binlog end
2016-07-29 21:13:20 1 [Note] mysqld: Shutdown complete


Could someone please help me with this issue? If someone from PandoraFMS could only provide the Dockerfile for this image, I could better troubleshoot this and help to get it working.
 Reply
#2
Hi Thiago,

I've been able to replicate the issue using the -v flags. Without them, it works just fine. I'll open up a internal incident to review this. You can find the dockerfile in our GitHub repository: https://github.com/pandorafms/pandorafms...Dockerfile

Any help would be very much appreciated! Smile
 Reply
#3
Hi Axel,

Thank you very much for your attention on this issue. I was looking the Dockerfile and I think that I might have found the conflit.

Well, first of all, let me share with you my goals when using the -v option. What I really want is to make all of the data inside the database to be persistent even if I have to destroy the container for any reason. Thus I'm using the -v and pointing the folder /mnt/pandorafms/mysql/var/lib/mysql to the container folder /var/lib/mysql.

Other motivation for this is to have separate volumes on the host machine so I can easily attach and detach volumes when I add or remove containers. This is importante since the host is running on a cloud environment which charges me for the used Gb.

What I think that might be the conflict is the directive && rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql at the line 32 of the Docker file when it is said to be removed the /var/lib/mysql folder and recreated. I believe that this is being done so the folder ends up with the right permissions.

But, as long as I've mapped this folder to one of the host, docker can't remove it because it is trying actually to remove a folder on the host from the container, and this perhaps isn't allowed due to file permissions at the host.

I'm not completely sure about that, but I think that this is denying the container to be built properly. I'm gonna try to implement this with these changes on the Dockerfile to see if I can have any success.

And perhaps my lack of acknowledge in docker is causing this trouble. Perhaps the VOLUME directive inside the Dockerfile can solve it all and I'm trying to overkill it using the -v parameter. I'm still not sure about it and I'm gonna do some more ressearch about it.

Please let me know your findings as well. Perhaps we can find a solution which fulfill both requirements.


Regards,
Thiago Lima
 Reply
#4
Hi Axel,

I think I was right regarding the directive [tt]&& rm -rf /var/lib/mysql && mkdir -p /var/lib/mysql[/tt] at the line 32 of the [tt]Dockerfile[/tt]. I've tried to build the server from scratch following each step of the Dockerfile and it fails on this step with the error message [tt]"rm: cannot remove '/var/lib/mysql': Device or resource busy"[/tt].

So, first of all, I've changed the [tt]Dockerfile[/tt] to just remove the content of the directory instead of removing it all. So, the line 32 now is [tt]&& rm -rf /var/lib/mysql/*[/tt].

Well, one issue solved. But following the steps I wasn't still able to run the container. Looking further on the container logs, I've noticed the following error message:

[tt][ERROR] /usr/sbin/mysqld: unknown option '--skip-host-cache\nskip-name-resolve'[/tt]

So I double checked the [tt]Dockerfile[/tt] and saw that there's a typo at the line 37. Then I've changed it to the following:

[tt]&& echo 'skip-host-cache\skip-name-resolve' | awk '{ print } $1 == "[mysqld]" && c == 0 { c = 1; system("cat") }' /etc/mysql/my.cnf > /tmp/my.cnf \[/tt]

And at last, I was still getting the error message [tt][ERROR] Fatal error: Please read "Security" section of the manual to find out how to run mysqld as root[/tt]. Doing some ressearch, I saw that the [tt]mysql[/tt] was being tried to run as root. So, I've changed the last line of the [tt]Dockerfile[/tt] to [tt]CMD ["mysqld", "--user=mysql"][/tt] and I was able to run the container.

Well, now I'm going to run the console and server containers and check if everything is working. I'll let you guys know as soon as I get something. I hope this troubleshooting can be useful for the PandoraFMS community and that you can use the information aforementioned to improve the Dockerfile and the PandoraFMS-MySQL image at DockerHub. Big Grin


Regards,
Thiago Lima

 Reply
#5
Hi Axel,

With these changes on Dockerfile I wasn't able to connect onto the database :/

So, I was inspecting the Dockerfile for the default [tt]mysql:5.6[/tt] image and they are almost the same with the [tt]pandorafms/pandorafms-mysql:6[/tt]. So, I decided to go with a default [tt]mysql:5.6[/tt] image than the PandoraFMS one. Since I was using PandoraFMS on AWS with RDS with no problem, I don't think this is gonna be a issue.

Then I was able to run all of the containers. Here comes the commands I've used in order to start all of them:
  • [tt]docker run -idt --name PandoraFMS-MySQL --network PandoraFMS -v /mnt/pandorafms/mysql/var/lib/mysql:/var/lib/mysql -v /mnt/pandorafms/mysql/etc/mysql:/etc/mysql -e MYSQL_ROOT_PASSWORD=pandora -e MYSQL_DATABASE=pandora -e MYSQL_USER=pandora -e MYSQL_PASSWORD=pandora mysql:5.6[/tt]

  • [tt]docker run -idt --name PandoraFMS-Console --network PandoraFMS -p 8022:8022 -p 8023:8023 --link PandoraFMS-MySQL:mysql -e PANDORA_DB_HOST=172.18.0.2:3306 -e PANDORA_DB_PASSWORD=pandora -e PANDORA_DB_USER=pandora -e PANDORA_DB_NAME=pandora pandorafms/pandorafms-console:6[/tt]

  • [tt]docker run -idt --name PandoraFMS-Server --network PandoraFMS -v /mnt/pandorafms/server/var/spool/pandora:/var/spool/pandora -e PANDORA_DB_HOST=172.18.0.2:3306 -e PANDORA_DB_PASSWORD=pandora -e PANDORA_DB_USER=pandora -e PANDORA_DB_NAME=pandora pandorafms/pandorafms-server:6[/tt]

But now, the only page that I'm able to see when I try to reach the IP Address of the Console container on port 80 is the apache default page. I've tried to run on a lab machine the same environment but strictly following the documentation regarding the installation under docker (http://wiki.pandorafms.com/index.php?tit...der_Docker) and yet still I'm only able to see the apache default page. When I try to access the path /install.php I can't access it either.

Could you please let me know if something is missing at this point most specifically regarding the Console container?


Regards,
Thiago Lima
 Reply
#6
Hello Thiago.

I'm glad you sorted that out! We're still looking into it to see if we can adapt our MySQL image to a different folder.

You should access /pandora_console/install.php, not just /install.php.

Double check in the console container if the route /var/www/html/pandora_console is present! (it should be)
 Reply
#7
Hi Axel,

That would be good to have a different image so you can use the [tt]-v[/tt] option, I think. This could ease three scenarios:
  • When you don't want to use the inner disk of your docker host for some reason (for me it is because I think it is easiest to manage on my Cloud provider - Oracle);
  • When you want to be sure where and what it is the volume for your container (let's say you have lots of [tt]MySQL[/tt] images into your host, it could be difficult to identify which one is which and then perform backups, maintenance, and so on);
  • When you wanna have a distributed [tt]MySQL[/tt] farm onto different host machines.

That's just my opinion, of course. I'm not even that much experienced with docker yet, but accordingly to some reading about it on the documentation and some other sources, these are the reasons I can think right now.

Regarding the Console issue, yes. You are completely right. Actually before your post I was able to check this getting access to the console container bash. After this step I could inspect the proper path to the destination. I was going to let you know that, sorry for the delay Smile

Now I have just one more thing to figure out and it is how to bypass the install since I'm migrating an already running [tt]PandoraFMS[/tt] build to a [tt]Docker Container[/tt] environment. This is where I'm gonna spend some time now.

But thank you for all of your help so far! It is being very good to share these steps with you.
 Reply
#8
Hi Axel,

Here comes some troubles with the initial setup:
Inside the official image for the Console ([tt]pandorafms/pandorafms-console:6[/tt]), the [tt]install.php[/tt] file is renamed as [tt]install.php.done[/tt]. That's odd, but I had to rename it back to [tt]install.php[/tt] in order to the initial wizard run properly;
When using any version of [tt]MySQL[/tt] ([tt]5.6[/tt], [tt]5.7[/tt] or [tt]latest[/tt]), when I try to create the database on step 3 (or use the existing one), I insert all of the needed information as per the [tt]MySQL[/tt] container creation (root password, database name and MySQL host). But it fails with the following error message:
  • [tt]Invalid default value for 'last_pass_change'[/tt]

Investigating a little further about it, I saw that the default script tries to create the table tusuario with the following parameter:
  • [tt]`last_pass_change` DATETIME NOT NULL DEFAULT 0[/tt]

Well, as it seems, [tt]0[/tt] isn't an accepted value for [tt]DATETIME[/tt], so you should use [tt]CURRENT_TIMESTAMP[/tt] instead:
  • [tt]`last_pass_change` DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP[/tt]

It fails for fields last_pass_change and last_failed_login. So it must be changed on both of them so the table can get properly created.

So I ran the two scripts for the following step manually inside [tt]MySQL[/tt] and the database is created. But I can't get the system running anyways.

I had to do that because the system won't start because of the wizard. I've tried to follow it telling that I already have a database so it could do the remaining routines to get the system done. But since this query fails, I can proceed with the deploy. When I restart the server, I get the following error message:
  • [tt]DBD::mysql:Confusedt execute failed: Table 'pandora.tconfig' doesn't exist at /usr/lib/perl5/PandoraFMS/DB.pm line 576.[/tt]

Before I was able to run the server because I have cheated put a backup of the database and the table was being found. (rs)

Now I can see two paths:
  • Deviate from the initial wizard;
  • Solve all of these issues.

I think the first one will be the fastest and the one that will attend me right now. Could you please help me on this then I can help you on any further test if you need to?
 Reply
#9
EDIT: I've just discovered that, according to Docker's official documentation, environment variable injection does not work when you use the --network feature, so you'll need to be careful and specify the environment variables yourself when creating the console and server containers:

One notable missing functionality compared to legacy links is the injection of environment variables. Though very useful, environment variable injection is static in nature and must be injected when the container is started. One cannot inject environment variables into a running container without significant effort and hence it is not compatible with docker network which provides a dynamic way to connect/ disconnect containers to/from a network.
(Source)

Hi Thiago,

I've been able to replicate your issue. I solved it using the mysql:5.5 docker (our official supported MySQL version). The steps I followed:

Code:
docker run --name some-mysql -e MYSQL_ROOT_PASSWORD=pandora -d mysql:5.5
docker run --name pandorafms-console -p 80:80 -p 8022:8022 -p 8023:8023 --link some-mysql:mysql -d pandorafms/pandorafms-console:6

Then, we need to enter to the console container and remove a couple of files:
Code:
docker exec -it pandorafms-console mv -f /var/www/html/pandora_console/install.php.done /var/www/html/pandora_console/install.php
docker exec -it pandorafms-console rm -f /var/www/html/pandora_console/include/config.php

After that, access to Pandora FMS's console and do the installation. In the MySQL step, when you type the hostname, you'll be prompted for the IP of the console's container. Do a ifconfig and select the docker interface (something like 172.17.0.5).

Finally, we need to start the server:
Code:
docker run -p 41121:41121 --link some-mysql:mysql -d pandorafms/pandorafms-server:6

Hope this helps! Smile
 Reply
#10
Hi Axel,

Thank you for your edit about the networks and the environment variables. I've replicated the tests onto my local machine (my own workstation, actually) and I'm able to run PandoraFMS not using any network parameter.

But we're intending to build individual networks for each environment on our Moby Dick server in order to increase security. Let me ask you something: Why is it really necessary to use environment variables (through [tt]-e[/tt] option on [tt]docker run[/tt]) since I'm gonna set all of these parameters on [tt]install.php[/tt] anyway?

Another issue that I've noticed, even with this limitation, when I launch the container with environment variables and network options, I can see the Env section of the inspect json telling me that the environment variables are set:
Code:
"Env": [
    "PANDORA_DB_HOST=mysql:3306",
    "PANDORA_DB_PASSWORD=pandora",
    "PANDORA_DB_USER=pandora",
    "PANDORA_DB_NAME=pandora",
    "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],

Besides, when I launch the container using both of these parameters, I still can get the information from the environment variable as follows:
Code:
$ docker run -idt --name PandoraFMS-Console --network PandoraFMS -p 8022:8022 -p 8023:8023 -e PANDORA_DB_HOST=172.18.0.19:3306 -e PANDORA_DB_PASSWORD=pandora -e PANDORA_DB_USER=pandora -e PANDORA_DB_NAME=pandora pandorafms/pandorafms-console:6
$ docker exec -it PandoraFMS-Console printenv PANDORA_DB_HOST
172.18.0.19:3306

So I think the documentation might be outdated or something. At least it doesn't seems that this limitation is affecting me.

Anyway, I've made some adjustments and now I'm able to run the [tt]install.php[/tt] script. But when I get it done, the main page of Pandora FMS gets disfigured and the only thing I can see is the main logo, the user and the password fields. When I try to login using the default credentials (user [tt]admin[/tt] and password [tt]pandora[/tt]), I can't get access.
[Image: pandorafms_index.jpg]

I don't understand why this works on our lab environments but not on my Moby Dick host. Do you have any clew on why is this happening so I can better troubleshoot that over here?
 Reply


Users browsing this thread: 1 Guest(s)


(c) 2006-2018 Artica Soluciones Tecnológicas. Contents of this wiki are under Create Common Attribution v3 licence. | pandorafms.com | pandorafms.org

Theme © MyBB Themes