service-discover fails to start

Posted by: @dashohoxha

I get error messages like these:

Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.210Z [ERROR] agent.proxycfg: Failed to handle update from watch: service_id=carbonio-proxy-sidecar-proxy id=discovery-chain:carbonio-chats-messaging-xmpp error="error filling agent cache: Permission denied"
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.279Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-preview accessorID=
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.281Z [WARN]  agent: Check is now critical: check=service:carbonio-preview
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.341Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-files accessorID=
Feb 25 21:39:55 mail service-discoverd[72038]: message repeated 3 times: [ 2023-02-25T21:39:55.341Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-files accessorID=]
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.341Z [WARN]  agent.cache: handling error in Cache.Notify: cache-type=intention-match error="Permission denied" index=0
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.341Z [ERROR] agent.proxycfg: Failed to handle update from watch: service_id=carbonio-files-sidecar-proxy id=intentions error="error filling agent cache: Permission denied"
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.486Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-files accessorID=
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.961Z [WARN]  agent.cache: handling error in Cache.Notify: cache-type=compiled-discovery-chain error="Permission denied" index=0
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.961Z [ERROR] agent.proxycfg: Failed to handle update from watch: service_id=carbonio-mailbox-sidecar-proxy id=discovery-chain:carbonio-preview error="error filling agent cache: Permission denied"
Feb 25 21:39:56 mail service-discoverd[72038]: 2023-02-25T21:39:56.090Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-preview accessorID=

What could be the reason?

I am trying to install CarbonioCE on a docker container.

@dashohoxha

Hi,

We are sorry to inform you that currently docker container is not supported environment for Carbonio CE. We will definitely let our users know whenever it becomes supported environment for Carbonio CE. Till then please bear with us.

Thanks and regards,

Sharif

@sharif 

Thanks for the nice answer. But I have nothing to bear. I was just experimenting with Carbonio, and trying to help you if possible (why not). However you don't want to help me help you. Or most probably you can't, because you don't fully understand what goes on inside your system. I am an integrator myself and I understand that situation.

Sorry for not being diplomatic in my answer.

Dear @dashohoxha,

We are delighted that you are willing to help, sorry for giving the wrong impression. Please let us know how you'd like to contribute to the project.

About Docker, could you please provide more information on what you are doing, such as:

• What image are you using?
• Are you using podman or docker?
• What is the CLI command to execute?
• Other details you think are important.

I will report the information to the Dev Team.

Please, also consider that not being a supported platform, solving Carbonio CE problems with Docker is not a priority. If you want to try Carbonio CE I recommend using the supported platforms: https://docs.zextras.com/carbonio-ce/html/requirements.html

Best regards,

Arman

Posted by: @arman

We are delighted that you are willing to help, sorry for giving the wrong impression. Please let us know how you'd like to contribute to the project.

I will try to explain.
For myself, I install applications inside docker containers, so that I can manage them more easily. For each type of application there are also some bash scripts that help to build and to maintain the container for each application. For example, NextCloud is such an application, Discourse, Mastodon, Moodle, etc. Inside each docker container it is the `/sbin/init` process that is running (actually it is systemd), so these containers are like lightweight virtual machines, and usually there are several services inside them (not just one). There are some more details in these docs: https://docker-scripts.gitlab.io/

I was trying to build such a container for Carbonio CE as well, but I encountered the error messages above, and I have no clue about what is causing them and how to fix the problem. I was hoping that somebody here could give hints.

Posted by: @arman

Please, also consider that not being a supported platform, solving Carbonio CE problems with Docker is not a priority. If you want to try Carbonio CE I recommend using the supported platforms: https://docs.zextras.com/carbonio-ce/html/requirements.html

I understand that. I have already tried Carbonio CE on an LXD container, and it worked well. I actually don't need Carbonio CE, I was just testing it, and I was trying to make its installation easier (using a docker container and bash scripts).

@dashohoxha

Very interesting, and thank you very much for your detailed explanation.

Best regards,

Arman

### With systemd


**systemd** facilities are only available on podman images.


Run:


`podman run -u root --entrypoint=/sbin/init --hostname=carbonio.mail.local --add-host mail.local:127.0.0.1 -ti carbonio/ce-single-rhel8:23.3.0`


### Without systemd


A custom, on diet build of **monit** available (no libnsl run-time dependency)
[here]( https://github.com/M0Rf30/monit-custom-build)  is used as init hypervisor
when --entrypoint is not specified.


This trick allows to run more services in a single container, with no systemd
hard dependencies.


Run:


`podman run -u root --hostname=carbonio.mail.local --add-host mail.local:127.0.0.1 -ti carbonio/ce-single-rhel8:23.3.0`


Swap `podman` with `docker` in the line above to switch to Docker

within these containers service-discover should work as expected

### With systemd


**systemd** facilities are only available on podman images.


Run:


`podman run -u root --entrypoint=/sbin/init --hostname=carbonio.mail.local --add-host mail.local:127.0.0.1 -ti carbonio/ce-single-rhel8:23.3.0`


### Without systemd


A custom, on diet build of **monit** available (no libnsl run-time dependency)
[here]( https://github.com/M0Rf30/monit-custom-build)  is used as init hypervisor
when --entrypoint is not specified.


This trick allows to run more services in a single container, with no systemd
hard dependencies.


Run:

`podman run -u root --hostname=carbonio.mail.local --add-host mail.local:127.0.0.1 -ti carbonio/ce-single-rhel8:23.3.0`


Swap `podman` with `docker` in the line above to switch to Docker

You need to explicitly use `-u root` argument on images
usage. For now the only way to avoid it, is to call `/opt/zextras/bin/zmcontrol`
as entrypoint with `start` argument.

# using zextras user
podman run --entrypoint=/opt/zextras/bin/zmcontrol --hostname=carbonio.mail.local --add-host mail.local:127.0.0.1 -ti carbonio/ce-single-rhel8:23.3.0 start

## Known issues

### Ports allocation outside of containers

Rootless Podman can't allocate port numbers under 1024 on `podman-compose`
execution. To avoid root usage of podman and make use of ports, you can
temporarily apply (will not survive to reboot):

`sudo sysctl -w net.ipv4.ip_unprivileged_port_start=25`

and re-run the compose command.

ssh will be locally available on localhost:2222

You need to add your public key within the container in order to start using it.