search

MatthewVance / unbound-docker-rpi

Run Unbound with latest version of OpenSSL on Raspberry Pi with Docker.
MIT License
136 stars 23 forks source link

v1.13.2 > Fatal Errors for Previously Working Container #22

Closed rmartin16 closed 2 years ago

rmartin16 commented 2 years ago

Hello, been using this for a while without any real issues. I woke up today to this and I'm kinda stumped.

docker log following start up without a volume mount

Attaching to unbound
unbound       | cp: preserving times for '/opt/unbound/etc/unbound/dev/random': Operation not permitted
unbound       | cp: preserving times for '/opt/unbound/etc/unbound/dev/urandom': Operation not permitted
unbound       | cp: preserving times for '/opt/unbound/etc/unbound/dev/null': Operation not permitted
unbound       | [0] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:dc3::35 port 53
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:12::d0d port 53
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:dc3::35 port 53
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:dc3::35 port 53
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:503:c27::2:30 port 53
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:a8::e port 53
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:200::b port 53
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:12::d0d port 53
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:a8::e port 53
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:503:ba3e::2:30 port 53
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:2::c port 53
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:200::b port 53
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:7fd::1 port 53
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:a8::e port 53
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:a8::e port 53
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:2d::d port 53
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:2::c port 53
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:500:200::b port 53
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:503:ba3e::2:30 port 53
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: udp connect failed: Cannot assign requested address for 2001:7fd::1 port 53
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [-1229221427] libunbound[19:0] error: gettimeofday: Operation not permitted
unbound       | [0] unbound[1:0] error: gettimeofday: Operation not permitted
unbound       | [-1226874419] unbound[1:0] error: Could not open logfile /dev/null: Permission denied
unbound       | [-1226874419] unbound[1:0] error: gettimeofday: Operation not permitted
unbound       | [-1226131057] unbound[1:1] error: gettimeofday: Operation not permitted
unbound       | [-1226874419] unbound[1:2] error: gettimeofday: Operation not permitted
unbound       | [-1226874419] unbound[1:0] info: start of service (unbound 1.13.2).

docker-compose

   unbound:
     container_name: unbound
     image: mvance/unbound-rpi
     volumes:
       - ./config/unbound:/opt/unbound/etc/unbound/
     networks:
       dns_net:
         ipv4_address: 172.23.1.51
     restart: unless-stopped

I've tried re-creating the containers. I tried without the volume mount. I keep getting the same errors. I'm far from a docker expert, though.

Do you have any ideas or thoughts that might help point me in the right direction? TIA.

rmartin16 commented 2 years ago

I was able to mitigate the errors by reverting back to v1.13.1. I run pihole in HA setup (via keepalived) between two raspberry pi 4bs...primary is 2gb and secondary is 8gb (and does a bunch of other stuff). the secondary pi ostensibly handled the upgrade fine....its the primary pi that can't run unbound v1.13.2.....even when unbound is isolated without any docker switches or volumes. both are running Raspbian GNU/Linux 10 (buster).

MatthewVance commented 2 years ago

I’m wondering if it’s because 1.13.2 and latest are running Debian Bullseye. I had issues with Bullseye and Docker on my Pi until I upgraded Raspbian to the latest release. 1.13.1 is still on Buster.

On Nov 26, 2021, at 2:13 PM, Russell Martin @.***> wrote:

 I was able to mitigate the errors by reverting back to v1.13.1. I run pihole in HA setup (via keepalived) between two raspberry pi 4bs...primary is 2gb and secondary is 8gb (and does a bunch of other stuff). the secondary pi ostensibly handled the upgrade fine....its the primary pi that can't run unbound v1.13.2.....even when unbound is isolated without any docker switches or volumes. both are running Raspbian GNU/Linux 10 (buster).

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.

rmartin16 commented 2 years ago

Ahhh...ok. Thank you. That made me go down a few rabbit holes I skipped earlier since they didn't seem related....but if the image is using a different release, then i begin to think the pi had an old library and some of the system calls were failing.

It appears gettimeofday is related to libseccomp. Comparing the version of this lib on both Pis shows my 2gb is using an older version.....it was probably upgraded on the 8gb from unrelated activities. Nonetheless, I ran the commands below (that i found here) to upgrade libseccomp.

# Get signing keys to verify the new packages, otherwise they will not install
rpi ~$ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 04EE7237B7D453EC 648ACFD622F3D138

# Add the Buster backport repository to apt sources.list
rpi ~$ echo 'deb http://httpredir.debian.org/debian buster-backports main contrib non-free' | sudo tee -a /etc/apt/sources.list.d/debian-backports.list

rpi ~$ sudo apt update
rpi ~$ sudo apt install libseccomp2 -t buster-backports

Posting for posterity. YMMV.

Thank you @MatthewVance for maintaining this :)

luc-ass commented 2 years ago

@rmartin16 thank you for your help. My Pi needed a restart but now everything is up and running.

MatthewVance commented 2 years ago

@rmartin16 thanks for sharing this on here.

bennyzen commented 2 years ago

Adding the backports repo and installing libseccomp2 did not do the trick for me. So I decided to go down the hard way and upgrade to bullseye by editing the /etc/apt/sources.list file. Now I'm able to run the latest versions of unbound-docker-rpi without any problem.

Thanks for pointing me into the right direction.

MatthewVance commented 2 years ago

Thanks for letting me know. I'm glad you got it working.