Closed EibrielInv closed 8 years ago
Adding this to Dockerfile:
USER $MOD_WSGI_USER:$MOD_WSGI_GROUP
Dockerfile:
FROM grahamdumpleton/mod-wsgi-docker:python-3.4
WORKDIR /app
RUN pip install Flask
RUN pip install requests
RUN pip install pymongo
RUN pip install Flask-Babel
COPY . /app
RUN pybabel compile -d web_server/web_server/translations
RUN mod_wsgi-docker-build
EXPOSE 80
ENTRYPOINT [ "mod_wsgi-docker-start" ]
USER $MOD_WSGI_USER:$MOD_WSGI_GROUP
CMD [ "--working-directory", "web_server", \
"--url-alias", "/web_server/static", "static", \
"web_server.wsgi" ]
The log output is:
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
While I work out what I have overlooked in latest changes, set the 'uid' option when running 'docker'. Eg:
docker run --rm -u 33 -t test1
That is '-u 33'.
That I believe should let it run at least.
I have been making various changes lately to allow it to be run as a non root container. I thought I had checked that it would still work as root, but I must have made some further change after doing that check which broke it.
I don't get the problem though when running with the USER line in the Dockerfile as you do, which should effectively be the equivalent of the -u option on docker. What is the docker run command you are using? How are you using -p option of docker run to remap ports?
Thanks!
My docker create command, it was working with an old cached version of mod_wsgi-docker:
docker create --link=widudev_devmain_1:widudev_devmain_1 -l widudev_devweb_1 --name=widudev_devweb_1 -p=8080:80 widudev_devweb:latest
Sadly is not helping, it has the same effect as USER $MOD_WSGI_USER:$MOD_WSGI_GROUP
With -u 33
docker run --rm -u 33 -t widudev_devweb:latest
Server URL : http://localhost/
Server Root : /tmp/mod_wsgi-localhost:80:33
Server Conf : /tmp/mod_wsgi-localhost:80:33/httpd.conf
Error Log File : |/usr/bin/tee (warn)
Startup Log File : /dev/tty
Request Capacity : 5 (1 process * 5 threads)
Request Timeout : 60 (seconds)
Queue Backlog : 100 (connections)
Queue Timeout : 45 (seconds)
Server Capacity : 20 (event/worker), 20 (prefork)
Server Backlog : 500 (connections)
Locale Setting : en_US.UTF-8
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
Without -u 33
docker run --rm -t widudev_devweb:latest
Server URL : http://localhost/
Server Root : /tmp/mod_wsgi-localhost:80:0
Server Conf : /tmp/mod_wsgi-localhost:80:0/httpd.conf
Error Log File : /dev/stderr (warn)
Startup Log File : /dev/stderr
Request Capacity : 5 (1 process * 5 threads)
Request Timeout : 60 (seconds)
Queue Backlog : 100 (connections)
Queue Timeout : 45 (seconds)
Server Capacity : 20 (event/worker), 20 (prefork)
Server Backlog : 500 (connections)
Locale Setting : en_US.UTF-8
[Fri Oct 23 20:13:19.577633 2015] [mpm_event:notice] [pid 1:tid 139987040724736] AH00489: Apache/2.4.17 (Unix) mod_wsgi/4.4.21 Python/3.4.3 configured -- resuming normal operations
[Fri Oct 23 20:13:19.577735 2015] [wsgi:alert] [pid 21:tid 139987040724736] (2)No such file or directory: mod_wsgi (pid=21): Unable to set groups for uname=www-data and gid=33.
[Fri Oct 23 20:13:19.578001 2015] [wsgi:alert] [pid 21:tid 139987040724736] mod_wsgi (pid=21): Failure to configure the daemon process correctly and process left in unspecified state. Restarting daemon process after delay.
[Fri Oct 23 20:13:19.578232 2015] [core:notice] [pid 1:tid 139987040724736] AH00094: Command line: 'httpd (mod_wsgi-express) -f /tmp/mod_wsgi-localhost:80:0/httpd.conf -E /dev/stderr -D MOD_WSGI_COMPRESS_RESPONSES -D MOD_WSGI_MPM_ENABLE_EVENT_MODULE -D MOD_WSGI_MPM_EXISTS_EVENT_MODULE -D MOD_WSGI_MPM_EXISTS_WORKER_MODULE -D MOD_WSGI_MPM_EXISTS_PREFORK_MODULE -D FOREGROUND'
[Fri Oct 23 20:13:19.578072 2015] [unixd:alert] [pid 22:tid 139987040724736] (2)No such file or directory: AH02157: initgroups: unable to set groups for User www-data and Group 33
[Fri Oct 23 20:13:39.598099 2015] [wsgi:alert] [pid 35:tid 139987040724736] (2)No such file or directory: mod_wsgi (pid=35): Unable to set groups for uname=www-data and gid=33.
[Fri Oct 23 20:13:39.598899 2015] [wsgi:alert] [pid 35:tid 139987040724736] mod_wsgi (pid=35): Failure to configure the daemon process correctly and process left in unspecified state. Restarting daemon process after delay.
Try with a really plain Dockerfile of:
FROM grahamdumpleton/mod-wsgi-docker:python-3.4
WORKDIR /app
RUN mod_wsgi-docker-build
EXPOSE 80
ENTRYPOINT [ "mod_wsgi-docker-start" ]
USER $MOD_WSGI_USER:$MOD_WSGI_GROUP
See if that at least works with:
docker run --rm -t test1
No -u option required.
The output:
Server URL : http://localhost/
Server Root : /tmp/mod_wsgi-localhost:80:33
Server Conf : /tmp/mod_wsgi-localhost:80:33/httpd.conf
Error Log File : |/usr/bin/tee (warn)
Startup Log File : /dev/tty
Request Capacity : 5 (1 process * 5 threads)
Request Timeout : 60 (seconds)
Queue Backlog : 100 (connections)
Queue Timeout : 45 (seconds)
Server Capacity : 20 (event/worker), 20 (prefork)
Server Backlog : 500 (connections)
Locale Setting : en_US.UTF-8
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
If I add the line RUN setcap 'cap_net_bind_service=+ep' /usr/local/apache/bin/httpd after RUN mod_wsgi-docker-build, it returns the following error:
Step 3 : RUN setcap 'cap_net_bind_service=+ep' /usr/local/apache/bin/httpd
---> Running in d683efa04d05
Failed to set capabilities on file `/usr/local/apache/bin/httpd' (Invalid argument)
The value of the capability argument is not permitted for a file. Or the file is not a regular (non-symlink) file
INFO[0016] The command [/bin/sh -c setcap 'cap_net_bind_service=+ep' /usr/local/apache/bin/httpd] returned a non-zero code: 1
Maybe it is related?
I've found the problem: fcap is not supported on AUFS, the storage backend used by Docker in my current configuration.
docker info | grep Driver
returns
Storage Driver: aufs
Execution Driver: native-0.2
WARNING: No swap limit support
I'll need some other way to bind to the ports
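A pre-flight check for the bind failure reported above, as an added example that is not part of the original thread or of mod_wsgi-docker. It decides from a process's effective capability mask whether a bind to a given port can succeed; the function names are hypothetical and the masks used to exercise it are constructed sample values.

```shell
#!/bin/sh
# Added example: explain a low-port bind failure before httpd attempts it.
# CAP_NET_BIND_SERVICE is capability number 10 (linux/capability.h).
NET_BIND_BIT=10

# has_net_bind CAPEFF_HEX: succeed if the mask has CAP_NET_BIND_SERVICE set.
# CAPEFF_HEX is the hex string from the "CapEff:" line of /proc/<pid>/status.
has_net_bind() {
    [ $(( (0x$1 >> $NET_BIND_BIT) & 1 )) -eq 1 ]
}

# bind_verdict PORT CAPEFF_HEX [UNPRIV_START]: print "allowed" or "denied".
# UNPRIV_START is the first port that needs no capability: 1024 unless the
# net.ipv4.ip_unprivileged_port_start sysctl (kernel 4.11+) lowers it.
bind_verdict() {
    port=$1 capeff=$2 start=${3:-1024}
    if [ "$port" -ge "$start" ] || has_net_bind "$capeff"; then
        echo allowed
    else
        echo denied
    fi
}

# preflight PORT: evaluate the current process from /proc (Linux only).
# The mask is read from a child process, which inherits this shell's set.
preflight() {
    capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status)
    start=$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null || echo 1024)
    verdict=$(bind_verdict "$1" "$capeff" "$start")
    echo "uid=$(id -u) CapEff=$capeff port=$1: $verdict"
    [ "$verdict" = allowed ] ||
        echo "hint: listen on a port >= $start and publish it with -p, e.g. -p 80:8080" >&2
}

# Run the live check only when a port is given on the command line.
if [ $# -gt 0 ]; then
    preflight "$1"
fi
```

Run inside the container as the target user, for example with `sh preflight.sh 80`, an empty capability mask gives `denied` for port 80 and `allowed` for 8080.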
I will have a new image for you to try soon. Part of the problem relates to nss_wrapper library not working when used from root.
Try pulling down the latest image now. Don't use USER in the Dockerfile nor the -u option to docker run.
Even if that works, can you then try with USER in the Dockerfile so I know whether that makes a difference in that case.
Without -u
docker run --rm -t test1
/usr/local/bin/mod_wsgi-docker-start: line 57: $NSS_WRAPPER_PASSWD: ambiguous redirect
/usr/local/bin/mod_wsgi-docker-start: line 58: $NSS_WRAPPER_GROUP: ambiguous redirect
/usr/local/bin/mod_wsgi-docker-start: line 60: $NSS_WRAPPER_PASSWD: ambiguous redirect
/usr/local/bin/mod_wsgi-docker-start: line 61: $NSS_WRAPPER_GROUP: ambiguous redirect
Server URL : http://localhost/
Server Root : /tmp/mod_wsgi-localhost:80:0
Server Conf : /tmp/mod_wsgi-localhost:80:0/httpd.conf
Error Log File : /dev/stderr (warn)
Startup Log File : /dev/stderr
Request Capacity : 5 (1 process * 5 threads)
Request Timeout : 60 (seconds)
Queue Backlog : 100 (connections)
Queue Timeout : 45 (seconds)
Server Capacity : 20 (event/worker), 20 (prefork)
Server Backlog : 500 (connections)
Locale Setting : en_US.UTF-8
[Fri Oct 23 22:50:32.748339 2015] [mpm_event:notice] [pid 1:tid 139685207697152] AH00489: Apache/2.4.17 (Unix) mod_wsgi/4.4.21 Python/3.4.3 configured -- resuming normal operations
[Fri Oct 23 22:50:32.748863 2015] [core:notice] [pid 1:tid 139685207697152] AH00094: Command line: 'httpd (mod_wsgi-express) -f /tmp/mod_wsgi-localhost:80:0/httpd.conf -E /dev/stderr -D MOD_WSGI_MPM_ENABLE_EVENT_MODULE -D MOD_WSGI_MPM_EXISTS_EVENT_MODULE -D MOD_WSGI_MPM_EXISTS_WORKER_MODULE -D MOD_WSGI_MPM_EXISTS_PREFORK_MODULE -D FOREGROUND'
With -u
docker run --rm -u 33 -t test1
/usr/local/bin/mod_wsgi-docker-start: line 57: $NSS_WRAPPER_PASSWD: ambiguous redirect
/usr/local/bin/mod_wsgi-docker-start: line 58: $NSS_WRAPPER_GROUP: ambiguous redirect
/usr/local/bin/mod_wsgi-docker-start: line 60: $NSS_WRAPPER_PASSWD: ambiguous redirect
/usr/local/bin/mod_wsgi-docker-start: line 61: $NSS_WRAPPER_GROUP: ambiguous redirect
NWRAP_ERROR(1) - nwrap_files_cache_reload: Unable to open '/.whiskey/passwd' readonly -1:No such file or directory
NWRAP_ERROR(1) - nwrap_files_cache_reload: Unable to open '/.whiskey/passwd' readonly -1:No such file or directory
Server URL : http://localhost/
Server Root : /tmp/mod_wsgi-localhost:80:33
Server Conf : /tmp/mod_wsgi-localhost:80:33/httpd.conf
Error Log File : |/usr/bin/tee (warn)
Startup Log File : /dev/tty
Request Capacity : 5 (1 process * 5 threads)
Request Timeout : 60 (seconds)
Queue Backlog : 100 (connections)
Queue Timeout : 45 (seconds)
Server Capacity : 20 (event/worker), 20 (prefork)
Server Backlog : 500 (connections)
Locale Setting : en_US.UTF-8
NWRAP_ERROR(1) - nwrap_files_cache_reload: Unable to open '/.whiskey/passwd' readonly -1:No such file or directory
NWRAP_ERROR(1) - nwrap_files_cache_reload: Unable to open '/.whiskey/passwd' readonly -1:No such file or directory
AH00543: httpd (mod_wsgi-express): bad user name www-data
Is working now using root :+1:
That will teach me to test before committing. I couldn't download huge amounts of data to rebuild properly locally where I am. Try pulling again and try both tests.
Without -u 33
docker run --rm -t test1
Server URL : http://localhost/
Server Root : /tmp/mod_wsgi-localhost:80:0
Server Conf : /tmp/mod_wsgi-localhost:80:0/httpd.conf
Error Log File : /dev/stderr (warn)
Startup Log File : /dev/stderr
Request Capacity : 5 (1 process * 5 threads)
Request Timeout : 60 (seconds)
Queue Backlog : 100 (connections)
Queue Timeout : 45 (seconds)
Server Capacity : 20 (event/worker), 20 (prefork)
Server Backlog : 500 (connections)
Locale Setting : en_US.UTF-8
[Sat Oct 24 15:16:31.653556 2015] [mpm_event:notice] [pid 1:tid 140043874408192] AH00489: Apache/2.4.17 (Unix) mod_wsgi/4.4.21 Python/3.4.3 configured -- resuming normal operations
[Sat Oct 24 15:16:31.653995 2015] [core:notice] [pid 1:tid 140043874408192] AH00094: Command line: 'httpd (mod_wsgi-express) -f /tmp/mod_wsgi-localhost:80:0/httpd.conf -E /dev/stderr -D MOD_WSGI_MPM_ENABLE_EVENT_MODULE -D MOD_WSGI_MPM_EXISTS_EVENT_MODULE -D MOD_WSGI_MPM_EXISTS_WORKER_MODULE -D MOD_WSGI_MPM_EXISTS_PREFORK_MODULE -D FOREGROUND'
With -u 33
docker run --rm -u 33 -t test1
Server URL : http://localhost/
Server Root : /tmp/mod_wsgi-localhost:80:33
Server Conf : /tmp/mod_wsgi-localhost:80:33/httpd.conf
Error Log File : |/usr/bin/tee (warn)
Startup Log File : /dev/tty
Request Capacity : 5 (1 process * 5 threads)
Request Timeout : 60 (seconds)
Queue Backlog : 100 (connections)
Queue Timeout : 45 (seconds)
Server Capacity : 20 (event/worker), 20 (prefork)
Server Backlog : 500 (connections)
Locale Setting : en_US.UTF-8
(13)Permission denied: AH00072: make_sock: could not bind to address [::]:80
(13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:80
no listening sockets available, shutting down
AH00015: Unable to open logs
The could not bind to address error is ok, because it will never work for me; using the aufs storage driver it is not possible to grant capabilities.
I don't know if you want to close the issue, or we can try to find a workaround.
I am using aufs so I should be able to duplicate it then.
$ docker info | grep Driver
Storage Driver: aufs
Execution Driver: native-0.2
Logging Driver: json-file
I will risk the big downloads of a rebuild to see if I can replicate again.
No go. Can't pull base images from Docker hub where I am for some reason. Will need to wait until tomorrow.
What Docker version is being used?
Still can't replicate even though using aufs.
OS: Ubuntu 14.04.3 LTS (GNU/Linux 3.13.0-24-generic x86_64)
on a Cloud Server (Virtual Machine)
Docker:
Client version: 1.6.2
Client API version: 1.18
Go version (client): go1.4.2
Git commit (client): 7c8fca2
OS/Arch (client): linux/amd64
Server version: 1.6.2
Server API version: 1.18
Go version (server): go1.4.2
Git commit (server): 7c8fca2
OS/Arch (server): linux/amd64
I am using:
Client:
Version: 1.8.2
API version: 1.20
Go version: go1.4.2
Git commit: 0a8c2e3
Built: Thu Sep 10 19:10:10 UTC 2015
OS/Arch: darwin/amd64
Server:
Version: 1.8.3
API version: 1.20
Go version: go1.4.2
Git commit: f4bf5c7
Built: Mon Oct 12 18:01:15 UTC 2015
OS/Arch: linux/amd64
So newer version of Docker.
My Synology NAS box uses Docker 1.6.2, so will try there and see if it works.
Confirmed that this problem occurs on Docker 1.6.2 but does not occur with Docker 1.8.2.
Great, I'll upgrade then!
Thanks!!!!
Hi! After upgrading the image to last version (build bqv2jirxqyhwkruy9wwwdpf) of grahamdumpleton/mod-wsgi-docker:python-3.4, I'm getting:
My Dockerfile (widudev_devweb):
To upgrade I run: