Had issues with running it, and I disabled selinux to see if that was the issue - it was. However, I need to keep selinux enabled and work around it.
I checked aureport and there were some denied errors for python and nginx. I ended up adding :Z to the end of the volumes in docker-compose.yml as a potential solution that I found through Googling.
I think that resolved part of the problem. I'm not seeing new audit logs after this when running the containers. However, the netbox-worker container exits with a permission denied error.
Code:
Attaching to netbox-docker_nginx_1, netbox-docker_netbox_1, netbox-docker_netbox-worker_1, netbox-docker_postgres_1, netbox-docker_redis_1
redis_1 | 1:C 10 Mar 20:07:06.122 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis_1 | 1:C 10 Mar 20:07:06.122 # Redis version=4.0.13, bits=64, commit=00000000, modified=0, pid=1, just started
redis_1 | 1:C 10 Mar 20:07:06.122 # Configuration loaded
redis_1 | 1:M 10 Mar 20:07:06.124 * Running mode=standalone, port=6379.
redis_1 | 1:M 10 Mar 20:07:06.124 # WARNING: The TCP backlog setting of 511 cannot be enforced because ls /proc/sys/net/core/somaxconn is set to the lower value of 128.
redis_1 | 1:M 10 Mar 20:07:06.124 # Server initialized
redis_1 | 1:M 10 Mar 20:07:06.124 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
redis_1 | 1:M 10 Mar 20:07:06.128 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
redis_1 | 1:M 10 Mar 20:07:06.128 * Ready to accept connections
netbox-worker_1 | Traceback (most recent call last):
netbox-worker_1 | File "/usr/local/lib/python3.6/site-packages/django/core/management/__init__.py", line 204, in fetch_command
netbox-worker_1 | app_name = commands[subcommand]
netbox-worker_1 | KeyError: 'rqworker'
netbox-worker_1 | During handling of the above exception, another exception occurred:
netbox-worker_1 | Traceback (most recent call last):
netbox-worker_1 | File "/opt/netbox/netbox/netbox/configuration.py", line 7, in <module>
netbox-worker_1 | spec.loader.exec_module(module)
netbox-worker_1 | File "<frozen importlib._bootstrap_external>", line 674, in exec_module
netbox-worker_1 | File "<frozen importlib._bootstrap_external>", line 780, in get_code
netbox-worker_1 | File "<frozen importlib._bootstrap_external>", line 832, in get_data
netbox-worker_1 | PermissionError: [Errno 13] Permission denied: '/etc/netbox/config/configuration.py'
...
As hard as I'm trying to figure it out, I don't know docker or selinux well enough to figure out why it's being denied, especially when aureport is not showing new events when running the container.
Edit: Oops, forgot to re-add the :Z to the volumes inside docker-compose.yml since I'm just working inside a test centos VM now.
So here's the current error when I docker-compose up:
Code:
[root@localhost netbox-docker]# docker-compose up
Creating network "netbox-docker_default" with the default driver
Creating volume "netbox-docker_netbox-static-files" with local driver
Creating volume "netbox-docker_netbox-nginx-config" with local driver
Creating volume "netbox-docker_netbox-media-files" with local driver
Creating volume "netbox-docker_netbox-report-files" with local driver
Creating volume "netbox-docker_netbox-postgres-data" with local driver
Creating volume "netbox-docker_netbox-redis-data" with local driver
Creating netbox-docker_redis_1 ... done
Creating netbox-docker_postgres_1 ... done
Creating netbox-docker_netbox-worker_1 ... done
Creating netbox-docker_netbox_1 ... done
Creating netbox-docker_nginx_1 ... done
Attaching to netbox-docker_postgres_1, netbox-docker_redis_1, netbox-docker_netbox-worker_1, netbox-docker_netbox_1, netbox-docker_nginx_1
postgres_1 | The files belonging to this database system will be owned by user "postgres".
postgres_1 | This user must also own the server process.
postgres_1 |
postgres_1 | The database cluster will be initialized with locale "en_US.utf8".
postgres_1 | The default database encoding has accordingly been set to "UTF8".
postgres_1 | The default text search configuration will be set to "english".
postgres_1 |
postgres_1 | Data page checksums are disabled.
postgres_1 |
postgres_1 | fixing permissions on existing directory /var/lib/postgresql/data ... ok
postgres_1 | creating subdirectories ... ok
postgres_1 | selecting default max_connections ... 100
postgres_1 | selecting default shared_buffers ... 128MB
postgres_1 | selecting dynamic shared memory implementation ... posix
postgres_1 | creating configuration files ... ok
postgres_1 | running bootstrap script ... ok
postgres_1 | performing post-bootstrap initialization ... sh: locale: not found
postgres_1 | 2019-03-12 15:55:51.242 UTC [25] WARNING: no usable system locales were found
postgres_1 | ok
postgres_1 | syncing data to disk ...
postgres_1 | WARNING: enabling "trust" authentication for local connections
postgres_1 | You can change this by editing pg_hba.conf or using the option -A, or
postgres_1 | --auth-local and --auth-host, the next time you run initdb.
postgres_1 | ok
postgres_1 |
postgres_1 | Success. You can now start the database server using:
postgres_1 |
postgres_1 | pg_ctl -D /var/lib/postgresql/data -l logfile start
postgres_1 |
postgres_1 | waiting for server to start....2019-03-12 15:55:51.896 UTC [29] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres_1 | 2019-03-12 15:55:52.012 UTC [30] LOG: database system was shut down at 2019-03-12 15:55:51 UTC
postgres_1 | 2019-03-12 15:55:52.025 UTC [29] LOG: database system is ready to accept connections
postgres_1 | done
postgres_1 | server started
postgres_1 | CREATE DATABASE
postgres_1 |
postgres_1 | CREATE ROLE
postgres_1 |
postgres_1 |
postgres_1 | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
postgres_1 |
postgres_1 | waiting for server to shut down....2019-03-12 15:55:52.570 UTC [29] LOG: received fast shutdown request
postgres_1 | 2019-03-12 15:55:52.596 UTC [29] LOG: aborting any active transactions
postgres_1 | 2019-03-12 15:55:52.598 UTC [29] LOG: worker process: logical replication launcher (PID 36) exited with exit code 1
postgres_1 | 2019-03-12 15:55:52.598 UTC [31] LOG: shutting down
postgres_1 | 2019-03-12 15:55:52.659 UTC [29] LOG: database system is shut down
postgres_1 | done
postgres_1 | server stopped
postgres_1 |
postgres_1 | PostgreSQL init process complete; ready for start up.
postgres_1 |
postgres_1 | 2019-03-12 15:55:52.706 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
postgres_1 | 2019-03-12 15:55:52.706 UTC [1] LOG: listening on IPv6 address "::", port 5432
postgres_1 | 2019-03-12 15:55:52.711 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgres_1 | 2019-03-12 15:55:52.787 UTC [42] LOG: database system was shut down at 2019-03-12 15:55:52 UTC
postgres_1 | 2019-03-12 15:55:52.795 UTC [1] LOG: database system is ready to accept connections
redis_1 | 1:C 12 Mar 15:55:50.831 # oO0OoO0OoO0Oo Redis is starting oO0OoO0OoO0Oo
redis_1 | 1:C 12 Mar 15:55:50.831 # Redis version=4.0.13, bits=64, commit=00000000, modified=0, pid=1, just started
redis_1 | 1:C 12 Mar 15:55:50.831 # Configuration loaded
redis_1 | 1:M 12 Mar 15:55:50.833 * Running mode=standalone, port=6379.
redis_1 | 1:M 12 Mar 15:55:50.833 # WARNING: The TCP backlog setting of 511 cannot be enforced because /proc/sys/net/core/somaxconn is set to the lower value of 128.
redis_1 | 1:M 12 Mar 15:55:50.833 # Server initialized
redis_1 | 1:M 12 Mar 15:55:50.833 # WARNING overcommit_memory is set to 0! Background save may fail under low memory condition. To fix this issue add 'vm.overcommit_memory = 1' to /etc/sysctl.conf and then reboot or run the command 'sysctl vm.overcommit_memory=1' for this to take effect.
redis_1 | 1:M 12 Mar 15:55:50.833 # WARNING you have Transparent Huge Pages (THP) support enabled in your kernel. This will create latency and memory usage issues with Redis. To fix this issue run the command 'echo never > /sys/kernel/mm/transparent_hugepage/enabled' as root, and add it to your /etc/rc.local in order to retain the setting after a reboot. Redis must be restarted after THP is disabled.
redis_1 | 1:M 12 Mar 15:55:50.833 * Ready to accept connections
nginx_1 | 2019/03/12 15:55:54 [notice] 1#1: using the "epoll" event method
nginx_1 | 2019/03/12 15:55:54 [notice] 1#1: nginx/1.15.9
nginx_1 | 2019/03/12 15:55:54 [notice] 1#1: built by gcc 8.2.0 (Alpine 8.2.0)
nginx_1 | 2019/03/12 15:55:54 [notice] 1#1: OS: Linux 3.10.0-957.el7.x86_64
nginx_1 | 2019/03/12 15:55:54 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
nginx_1 | 2019/03/12 15:55:54 [notice] 1#1: start worker processes
nginx_1 | 2019/03/12 15:55:54 [notice] 1#1: start worker process 6
netbox-worker_1 | 15:55:55 Registering birth of worker 24d02eee4274.1
netbox-worker_1 | 15:55:55 RQ worker 'rq:worker:24d02eee4274.1' started, version 0.13.0
netbox-worker_1 | 15:55:55 *** Listening on default...
netbox-worker_1 | 15:55:55 Sent heartbeat to prevent worker timeout. Next one should arrive within 420 seconds.
netbox-worker_1 | 15:55:55 Cleaning registries for queue: default
netbox-worker_1 | 15:55:55 *** Listening on default...
netbox-worker_1 | 15:55:55 Sent heartbeat to prevent worker timeout. Next one should arrive within 420 seconds.
netbox_1 | Operations to perform:
netbox_1 | Apply all migrations: admin, auth, circuits, contenttypes, dcim, extras, ipam, secrets, sessions, taggit, tenancy, users, virtualization
netbox_1 | Running migrations:
netbox_1 | Applying contenttypes.0001_initial... OK
netbox_1 | Applying auth.0001_initial... OK
netbox_1 | Applying admin.0001_initial... OK
netbox_1 | Applying admin.0002_logentry_remove_auto_add... OK
netbox_1 | Applying admin.0003_logentry_add_action_flag_choices... OK
netbox_1 | Applying contenttypes.0002_remove_content_type_name... OK
netbox_1 | Applying auth.0002_alter_permission_name_max_length... OK
netbox_1 | Applying auth.0003_alter_user_email_max_length... OK
netbox_1 | Applying auth.0004_alter_user_username_opts... OK
netbox_1 | Applying auth.0005_alter_user_last_login_null... OK
netbox_1 | Applying auth.0006_require_contenttypes_0002... OK
netbox_1 | Applying auth.0007_alter_validators_add_error_messages... OK
netbox_1 | Applying auth.0008_alter_user_username_max_length... OK
netbox_1 | Applying auth.0009_alter_user_last_name_max_length... OK
netbox_1 | Applying taggit.0001_initial... OK
netbox_1 | Applying taggit.0002_auto_20150616_2121... OK
netbox_1 | Applying tenancy.0001_initial... OK
netbox_1 | Applying tenancy.0002_tenant_group_optional_squashed_0003_unicode_literals... OK
netbox_1 | Applying dcim.0001_initial... OK
netbox_1 | Applying ipam.0001_initial... OK
netbox_1 | Applying dcim.0002_auto_20160622_1821_squashed_0022_color_names_to_rgb... OK
netbox_1 | Applying ipam.0002_vrf_add_enforce_unique_squashed_0018_remove_service_uniqueness_constraint... OK
netbox_1 | Applying dcim.0023_devicetype_comments_squashed_0043_device_component_name_lengths... OK
netbox_1 | Applying virtualization.0001_virtualization... OK
netbox_1 | Applying ipam.0019_virtualization_squashed_0020_ipaddress_add_role_carp... OK
netbox_1 | Applying dcim.0044_virtualization_squashed_0055_virtualchassis_ordering... OK
netbox_1 | Applying dcim.0056_django2... OK
netbox_1 | Applying dcim.0057_tags... OK
netbox_1 | Applying dcim.0058_relax_rack_naming_constraints... OK
netbox_1 | Applying dcim.0059_site_latitude_longitude... OK
netbox_1 | Applying dcim.0060_change_logging... OK
netbox_1 | Applying dcim.0061_platform_napalm_args... OK
netbox_1 | Applying dcim.0062_interface_mtu... OK
netbox_1 | Applying dcim.0063_device_local_context_data... OK
netbox_1 | Applying dcim.0064_remove_platform_rpc_client... OK
netbox_1 | Applying dcim.0065_front_rear_ports... OK
netbox_1 | Applying circuits.0001_initial_squashed_0010_circuit_status... OK
netbox_1 | Applying dcim.0066_cables...
netbox_1 | Adding console connections... 0 cables created
netbox_1 | Adding power connections... 0 cables created
netbox_1 | Adding interface connections... 0 cables created
netbox_1 | OK
netbox_1 | Applying circuits.0011_tags... OK
netbox_1 | Applying circuits.0012_change_logging... OK
netbox_1 | Applying circuits.0013_cables...
netbox_1 | Adding circuit terminations... 0 cables created
netbox_1 | OK
netbox_1 | Applying circuits.0014_circuittermination_description... OK
netbox_1 | Applying dcim.0067_device_type_remove_qualifiers... OK
netbox_1 | Applying dcim.0068_rack_new_fields... OK
netbox_1 | Applying dcim.0069_deprecate_nullablecharfield... OK
netbox_1 | Applying tenancy.0004_tags... OK
netbox_1 | Applying tenancy.0005_change_logging... OK
netbox_1 | Applying extras.0001_initial_squashed_0010_customfield_filter_logic... OK
netbox_1 | Applying extras.0011_django2... OK
netbox_1 | Applying extras.0012_webhooks... OK
netbox_1 | Applying extras.0013_objectchange... OK
netbox_1 | Applying extras.0014_configcontexts... OK
netbox_1 | Applying extras.0015_remove_useraction... OK
netbox_1 | Applying extras.0016_exporttemplate_add_cable... OK
netbox_1 | Applying extras.0017_exporttemplate_mime_type_length... OK
netbox_1 | Applying ipam.0021_vrf_ordering... OK
netbox_1 | Applying ipam.0022_tags... OK
netbox_1 | Applying ipam.0023_change_logging... OK
netbox_1 | Applying ipam.0024_vrf_allow_null_rd... OK
netbox_1 | Applying secrets.0001_initial_squashed_0003_unicode_literals... OK
netbox_1 | Applying secrets.0004_tags... OK
netbox_1 | Applying secrets.0005_change_logging... OK
netbox_1 | Applying sessions.0001_initial... OK
netbox_1 | Applying users.0001_api_tokens_squashed_0002_unicode_literals... OK
netbox_1 | Applying users.0003_token_permissions... OK
netbox_1 | Applying virtualization.0002_virtualmachine_add_status_squashed_0004_virtualmachine_add_role... OK
netbox_1 | Applying virtualization.0005_django2... OK
netbox_1 | Applying virtualization.0006_tags... OK
netbox_1 | Applying virtualization.0007_change_logging... OK
netbox_1 | Applying virtualization.0008_virtualmachine_local_context_data... OK
netbox_1 | Username: admin, E-Mail: admin@example.com
netbox_1 | ⚙️ Executing '/opt/netbox/startup_scripts/000_users.py'
netbox_1 | ⚙️ Executing '/opt/netbox/startup_scripts/010_groups.py'
netbox_1 | ⚙️ Executing '/opt/netbox/startup_scripts/020_custom_fields.py'
netbox_1 | ⚙️ Executing '/opt/netbox/startup_scripts/030_regions.py'
netbox_1 | ⚙️ Executing '/opt/netbox/startup_scripts/040_sites.py'
netbox_1 | ⚙️ Executing '/opt/netbox/startup_scripts/050_manufacturers.py'
netbox_1 | ⚙️ Executing '/opt/netbox/startup_scripts/060_device_types.py'
netbox_1 | ⚙️ Executing '/opt/netbox/startup_scripts/070_rack_roles.py'
netbox_1 | ⚙️ Executing '/opt/netbox/startup_scripts/080_racks.py'
netbox_1 | ⚙️ Executing '/opt/netbox/startup_scripts/090_device_roles.py'
netbox_1 | ⚙️ Executing '/opt/netbox/startup_scripts/100_platforms.py'
netbox_1 | ⚙️ Executing '/opt/netbox/startup_scripts/110_devices.py'
netbox_1 | Traceback (most recent call last):
netbox_1 | File "./manage.py", line 10, in <module>
netbox_1 | execute_from_command_line(sys.argv)
netbox_1 | File "/usr/local/lib/python3.6/site-packages/django/core/management/__init__.py", line 381, in execute_from_command_line
netbox_1 | utility.execute()
netbox_1 | File "/usr/local/lib/python3.6/site-packages/django/core/management/__init__.py", line 375, in execute
netbox_1 | self.fetch_command(subcommand).run_from_argv(self.argv)
netbox_1 | File "/usr/local/lib/python3.6/site-packages/django/core/management/base.py", line 316, in run_from_argv
netbox_1 | self.execute(*args, **cmd_options)
netbox_1 | File "/usr/local/lib/python3.6/site-packages/django/core/management/base.py", line 353, in execute
netbox_1 | output = self.handle(*args, **options)
netbox_1 | File "/usr/local/lib/python3.6/site-packages/django/contrib/staticfiles/management/commands/collectstatic.py", line 167, in handle
netbox_1 | any(self.storage.listdir(destination_path))
netbox_1 | File "/usr/local/lib/python3.6/site-packages/django/core/files/storage.py", line 313, in listdir
netbox_1 | for entry in os.listdir(path):
netbox_1 | PermissionError: [Errno 13] Permission denied: '/opt/netbox/netbox/static'
netbox-docker_netbox_1 exited with code 1
audit.log does not update when I up the containers, which seems odd to me since selinux is what's causing the issue.
Any chance you can spell out the changes you made in entirety to get this running? I've hit the same issue (permissions to configuration.py etc) when running on Redhat. I tried modifying the volumes mounted under netbox to use :Z in place of :z but no joy. I also tried adding "privileged: true" to each of the containers.
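Added illustration (not part of either post and not the netbox-docker project's own file): what the `:z` and `:Z` volume suffixes mentioned above ask Docker to do when two services mount the same host directory. The service names and the container path `/etc/netbox/config` are taken from the logs in this thread; the host path `./configuration` and the compose file version are assumptions.

```yaml
# Illustrative fragment only; host path ./configuration is an assumption.
version: '3'
services:
  netbox:
    volumes:
      # :Z  = relabel the host directory with a PRIVATE label that carries this
      #       container's own MCS categories. If a second container mounts the
      #       same directory with :Z, the directory is relabelled again for that
      #       container, and the first one no longer matches the label.
      # - ./configuration:/etc/netbox/config:Z
      #
      # :z  = relabel with a SHARED label (no per-container categories), so
      #       every container that mounts the directory can use it.
      - ./configuration:/etc/netbox/config:z
  netbox-worker:
    volumes:
      # Same host directory as the netbox service, so the shared form is used
      # here as well.
      - ./configuration:/etc/netbox/config:z
```

Running `ls -Z` on the host directory after `docker-compose up` shows which label was applied. `PermissionError: [Errno 13]` is the generic EACCES error, so ordinary file ownership and mode bits on the mounted files can produce the same traceback independently of the SELinux label.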