service-discover fa...
 
Notifications
Clear all

service-discover fails to start

7 Posts
4 Users
0 Likes
686 Views
(@dashohoxha)
Joined: 1 year ago
Posts: 3
Topic starter  

I get error messages like these:

Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.210Z [ERROR] agent.proxycfg: Failed to handle update from watch: service_id=carbonio-proxy-sidecar-proxy id=discovery-chain:carbonio-chats-messaging-xmpp error="error filling agent cache: Permission denied"
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.279Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-preview accessorID=
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.281Z [WARN]  agent: Check is now critical: check=service:carbonio-preview
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.341Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-files accessorID=
Feb 25 21:39:55 mail service-discoverd[72038]: message repeated 3 times: [ 2023-02-25T21:39:55.341Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-files accessorID=]
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.341Z [WARN]  agent.cache: handling error in Cache.Notify: cache-type=intention-match error="Permission denied" index=0
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.341Z [ERROR] agent.proxycfg: Failed to handle update from watch: service_id=carbonio-files-sidecar-proxy id=intentions error="error filling agent cache: Permission denied"
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.486Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-files accessorID=
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.961Z [WARN]  agent.cache: handling error in Cache.Notify: cache-type=compiled-discovery-chain error="Permission denied" index=0
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.961Z [ERROR] agent.proxycfg: Failed to handle update from watch: service_id=carbonio-mailbox-sidecar-proxy id=discovery-chain:carbonio-preview error="error filling agent cache: Permission denied"
Feb 25 21:39:56 mail service-discoverd[72038]: 2023-02-25T21:39:56.090Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-preview accessorID=

What could be the reason?

I am trying to install CarbonioCE on a docker container.


   
Quote
(@sharif)
Admin
Joined: 2 years ago
Posts: 385
 
Posted by: @dashohoxha

I get error messages like these:

Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.210Z [ERROR] agent.proxycfg: Failed to handle update from watch: service_id=carbonio-proxy-sidecar-proxy id=discovery-chain:carbonio-chats-messaging-xmpp error="error filling agent cache: Permission denied"
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.279Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-preview accessorID=
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.281Z [WARN]  agent: Check is now critical: check=service:carbonio-preview
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.341Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-files accessorID=
Feb 25 21:39:55 mail service-discoverd[72038]: message repeated 3 times: [ 2023-02-25T21:39:55.341Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-files accessorID=]
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.341Z [WARN]  agent.cache: handling error in Cache.Notify: cache-type=intention-match error="Permission denied" index=0
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.341Z [ERROR] agent.proxycfg: Failed to handle update from watch: service_id=carbonio-files-sidecar-proxy id=intentions error="error filling agent cache: Permission denied"
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.486Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-files accessorID=
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.961Z [WARN]  agent.cache: handling error in Cache.Notify: cache-type=compiled-discovery-chain error="Permission denied" index=0
Feb 25 21:39:55 mail service-discoverd[72038]: 2023-02-25T21:39:55.961Z [ERROR] agent.proxycfg: Failed to handle update from watch: service_id=carbonio-mailbox-sidecar-proxy id=discovery-chain:carbonio-preview error="error filling agent cache: Permission denied"
Feb 25 21:39:56 mail service-discoverd[72038]: 2023-02-25T21:39:56.090Z [WARN]  agent.server.intentions: Operation on intention prefix denied due to ACLs: prefix=carbonio-preview accessorID=

What could be the reason?

I am trying to install CarbonioCE on a docker container.

@dashohoxha

Hi,

We are sorry to inform you that currently docker container is not supported environment for Carbonio CE. We will definitely let our users know whenever it becomes supported environment for Carbonio CE. Till then please bear with us.

Thanks and regards,

Sharif


   
ReplyQuote
(@dashohoxha)
Joined: 1 year ago
Posts: 3
Topic starter  

@sharif 

Thanks for the nice answer. But I have nothing to bear. I was just experimenting with Carbonio, and trying to help you if possible (why not). However you don't want to help me help you. Or most probably you can't, because you don't fully understand what goes on inside your system. I am an integrator myself and I understand that situation.

Sorry for not being diplomatic in my answer.


   
ReplyQuote
(@arman)
Admin
Joined: 3 years ago
Posts: 376
 

Dear @dashohoxha,

We are delighted that you are willing to help, sorry for giving the wrong impression. Please let us know how you'd like to contribute to the project.

About Docker, could you please provide more information on what you are doing, such as:

  • What image are you using?
  • Are you using podman or docker?
  • What is the CLI command to execute?
  • Other details you think are important.

I will report the information to the Dev Team.

Please, also consider that not being a supported platform, solving Carbonio CE problems with Docker is not a priority. If you want to try Carbonio CE I recommend using the supported platforms: https://docs.zextras.com/carbonio-ce/html/requirements.html

Best regards,

Arman


   
ReplyQuote
(@dashohoxha)
Joined: 1 year ago
Posts: 3
Topic starter  
Posted by: @arman

We are delighted that you are willing to help, sorry for giving the wrong impression. Please let us know how you'd like to contribute to the project.

I will try to explain.
For myself, I install applications inside docker containers, so that I can manage them more easily. For each type of application there are also some bash scripts that help to build and to maintain the container for each application. For example, NextCloud is such an application, Discourse, Mastodon, Moodle, etc. Inside each docker container it is the `/sbin/init` process that is running (actually it is systemd), so these containers are like lightweight virtual machines, and usually there are several services inside them (not just one). There are some more details in these docs: https://docker-scripts.gitlab.io/

I was trying to build such a container for Carbonio CE as well, but I encountered the error messages above, and I have no clue about what is causing them and how to fix the problem. I was hoping that somebody here could give hints.

Posted by: @arman

Please, also consider that not being a supported platform, solving Carbonio CE problems with Docker is not a priority. If you want to try Carbonio CE I recommend using the supported platforms: https://docs.zextras.com/carbonio-ce/html/requirements.html

I understand that. I have already tried Carbonio CE on an LXD container, and it worked well. I actually don't need Carbonio CE, I was just testing it, and I was trying to make its installation easier (using a docker container and bash scripts).


   
ReplyQuote
(@arman)
Admin
Joined: 3 years ago
Posts: 376
 

@dashohoxha

Very interesting, and thank you very much for your detailed explanation.

Best regards,

Arman


   
ReplyQuote
(@gboiano)
Joined: 3 years ago
Posts: 1
 
Hello @dashohoxha glad to meet you again after the events in Bolzano and Tirana.
So, first of all thank you for your information and ideas.

 

The supported platforms for Carbonio are those mentioned in the documentation, therefore, at least for now, I don't want to create expectations about container support.

 

Anyway, staying in terms of experimentation, I can give you some instructions on already existing material

 

### With systemd


**systemd** facilities are only available on podman images.


Run:


`podman run -u root --entrypoint=/sbin/init --hostname=carbonio.mail.local --add-host mail.local:127.0.0.1 -ti carbonio/ce-single-rhel8:23.3.0`


### Without systemd


A custom, on diet build of **monit** available (no libnsl run-time dependency)
[here]( https://github.com/M0Rf30/monit-custom-build)  is used as init hypervisor
when --entrypoint is not specified.


This trick allows to run more services in a single container, with no systemd
hard dependencies.


Run:


`podman run -u root --hostname=carbonio.mail.local --add-host mail.local:127.0.0.1 -ti carbonio/ce-single-rhel8:23.3.0`


Swap `podman` with `docker` in the line above to switch to Docker

Images are generated with packer and ansible

within these containers service-discover should work as expected

Best regards

### With systemd


**systemd** facilities are only available on podman images.


Run:


`podman run -u root --entrypoint=/sbin/init --hostname=carbonio.mail.local --add-host mail.local:127.0.0.1 -ti carbonio/ce-single-rhel8:23.3.0`


### Without systemd


A custom, on diet build of **monit** available (no libnsl run-time dependency)
[here]( https://github.com/M0Rf30/monit-custom-build)  is used as init hypervisor
when --entrypoint is not specified.


This trick allows to run more services in a single container, with no systemd
hard dependencies.


Run:

`podman run -u root --hostname=carbonio.mail.local --add-host mail.local:127.0.0.1 -ti carbonio/ce-single-rhel8:23.3.0`


Swap `podman` with `docker` in the line above to switch to Docker

You need to explicitly use `-u root` argument on images
usage. For now the only way to avoid it, is to call `/opt/zextras/bin/zmcontrol`
as entrypoint with `start` argument.

# using zextras user
podman run --entrypoint=/opt/zextras/bin/zmcontrol --hostname=carbonio.mail.local --add-host mail.local:127.0.0.1 -ti carbonio/ce-single-rhel8:23.3.0 start

## Known issues

### Ports allocation outside of containers

Rootless Podman can't allocate port numbers under 1024 on `podman-compose`
execution. To avoid root usage of podman and make use of ports, you can
temporarily apply (will not survive to reboot):

`sudo sysctl -w net.ipv4.ip_unprivileged_port_start=25`

and re-run the compose command.

ssh will be locally available on localhost:2222

You need to add your public key within the container in order to start using it.
This post was modified 1 year ago by Gianluca Boiano

   
ReplyQuote