themis 怎么配置，请up主完善配置文档

hhyo commented 5 years ago

麻烦提供下具体错误日志

flyingonthebed commented 5 years ago

[2019-01-08 17:40:57,525][MainThread:140307578632000][task_id:django.request][exception.py:118][ERROR]- Internal Server Error: /themis/s qlreview/rule/infoTraceback (most recent call last): File "/opt/venv4archery/lib/python3.6/site-packages/django/core/handlers/exception.py", line 35, in inner response = get_response(request) File "/opt/venv4archery/lib/python3.6/site-packages/django/core/handlers/base.py", line 128, in _get_response response = self.process_exception_by_middleware(e, request) File "/opt/venv4archery/lib/python3.6/site-packages/django/core/handlers/base.py", line 126, in _get_response response = wrapped_callback(request, *callback_args, callback_kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/views/generic/base.py", line 69, in view return self.dispatch(request, *args, *kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 52, in dispatch return super().dispatch(request, args, kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 85, in dispatch return super().dispatch(request, *args, kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/views/generic/base.py", line 89, in dispatch return handler(request, *args, *kwargs) File "/opt/archery/themis/utils/jsonres.py", line 12, in _jsonRes response = func(request, args, kwargs) File "/opt/archery/themis/views.py", line 150, in get for value in results: File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/cursor.py", line 1189, in next if len(self.data) or self._refresh(): File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/cursor.py", line 1087, in _refresh self.session = self.collection.database.client._ensure_session() File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/mongo_client.py", line 1558, in _ensure_session return self.__start_session(True, causal_consistency=False) File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/mongo_client.py", line 1511, in start_session server_session = self._get_server_session() File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/mongo_client.py", line 1544, in _get_server_session return self._topology.get_server_session() File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/topology.py", line 427, in get_server_session None) File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/topology.py", line 199, in _select_servers_loop self._error_message(selector)) pymongo.errors.ServerSelectionTimeoutError: 127.0.0.1:27017: [Errno 111] Connection refused Internal Server Error: /themis/sqlreview/rule/info Traceback (most recent call last): File "/opt/venv4archery/lib/python3.6/site-packages/django/core/handlers/exception.py", line 35, in inner response = get_response(request) File "/opt/venv4archery/lib/python3.6/site-packages/django/core/handlers/base.py", line 128, in _get_response response = self.process_exception_by_middleware(e, request) File "/opt/venv4archery/lib/python3.6/site-packages/django/core/handlers/base.py", line 126, in _get_response response = wrapped_callback(request, *callback_args, callback_kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/views/generic/base.py", line 69, in view return self.dispatch(request, *args, *kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 52, in dispatch return super().dispatch(request, args, kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 85, in dispatch return super().dispatch(request, *args, kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/views/generic/base.py", line 89, in dispatch return handler(request, *args, *kwargs) File "/opt/archery/themis/utils/jsonres.py", line 12, in _jsonRes response = func(request, args, kwargs) File "/opt/archery/themis/views.py", line 150, in get for value in results: File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/cursor.py", line 1189, in next if len(self.data) or self._refresh(): File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/cursor.py", line 1087, in _refresh self.session = self.collection.database.client._ensure_session() File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/mongo_client.py", line 1558, in _ensure_session return self.__start_session(True, causal_consistency=False) File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/mongo_client.py", line 1511, in start_session server_session = self._get_server_session() File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/mongo_client.py", line 1544, in _get_server_session return self._topology.get_server_session() File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/topology.py", line 427, in get_server_session None) File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/topology.py", line 199, in _select_servers_loop self._error_message(selector)) pymongo.errors.ServerSelectionTimeoutError: 127.0.0.1:27017: [Errno 111] Connection refused ERROR:django.request:Internal Server Error: /themis/sqlreview/rule/info Traceback (most recent call last): File "/opt/venv4archery/lib/python3.6/site-packages/django/core/handlers/exception.py", line 35, in inner response = get_response(request) File "/opt/venv4archery/lib/python3.6/site-packages/django/core/handlers/base.py", line 128, in _get_response response = self.process_exception_by_middleware(e, request) File "/opt/venv4archery/lib/python3.6/site-packages/django/core/handlers/base.py", line 126, in _get_response response = wrapped_callback(request, *callback_args, callback_kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/views/generic/base.py", line 69, in view return self.dispatch(request, *args, *kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 52, in dispatch return super().dispatch(request, args, kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 85, in dispatch return super().dispatch(request, *args, kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/views/generic/base.py", line 89, in dispatch return handler(request, *args, *kwargs) File "/opt/archery/themis/utils/jsonres.py", line 12, in _jsonRes response = func(request, args, kwargs) File "/opt/archery/themis/views.py", line 150, in get for value in results: File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/cursor.py", line 1189, in next if len(self.data) or self._refresh(): File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/cursor.py", line 1087, in _refresh self.session = self.collection.database.client._ensure_session() File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/mongo_client.py", line 1558, in _ensure_session return self.__start_session(True, causal_consistency=False) File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/mongo_client.py", line 1511, in start_session server_session = self._get_server_session() File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/mongo_client.py", line 1544, in _get_server_session return self._topology.get_server_session() File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/topology.py", line 427, in get_server_session None) File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/topology.py", line 199, in _select_servers_loop self._error_message(selector)) pymongo.errors.ServerSelectionTimeoutError: 127.0.0.1:27017: [Errno 111] Connection refused ERROR:default:Traceback (most recent call last): File "/opt/venv4archery/lib/python3.6/site-packages/django/core/handlers/base.py", line 126, in _get_response response = wrapped_callback(request, *callback_args, callback_kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/views/generic/base.py", line 69, in view return self.dispatch(request, *args, *kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 52, in dispatch return super().dispatch(request, args, kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/contrib/auth/mixins.py", line 85, in dispatch return super().dispatch(request, *args, kwargs) File "/opt/venv4archery/lib/python3.6/site-packages/django/views/generic/base.py", line 89, in dispatch return handler(request, *args, *kwargs) File "/opt/archery/themis/utils/jsonres.py", line 12, in _jsonRes response = func(request, args, kwargs) File "/opt/archery/themis/views.py", line 150, in get for value in results: File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/cursor.py", line 1189, in next if len(self.data) or self._refresh(): File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/cursor.py", line 1087, in _refresh self.session = self.collection.database.client._ensure_session() File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/mongo_client.py", line 1558, in _ensure_session return self.__start_session(True, causal_consistency=False) File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/mongo_client.py", line 1511, in start_session server_session = self._get_server_session() File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/mongo_client.py", line 1544, in _get_server_session return self._topology.get_server_session() File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/topology.py", line 427, in get_server_session None) File "/opt/venv4archery/lib/python3.6/site-packages/pymongo/topology.py", line 199, in _select_servers_loop self._error_message(selector)) pymongo.errors.ServerSelectionTimeoutError: 127.0.0.1:27017: [Errno 111] Connection refused

hhyo commented 5 years ago

无法访问mongodb，如果是采取docker部署的archery，127.0.0.1是指容器本身而不是宿主机，如果多个容器在一个docker网络内，可以使用容器名作为host连接。

flyingonthebed commented 5 years ago

我在 archery-1.3.8/archery/settings.py 中配置了docker 地址 172.21.0.1 default 可是仍然收到如下提示 pymongo.errors.ServerSelectionTimeoutError: 127.0.0.1:27017: [Errno 111] Connection refused

mongodb 用户 themins 权限 default

default

hhyo commented 5 years ago

修改配置文件需要重启容器
宿主机docker之间虽然默认是桥接模式，但又和一般理解的桥接存在有差异，不在一个docker网络下的容器之间是不互通的，可以使用docker network 查看网络信息，在容器创建时使用--network 参数，使容器网络在一个docker网络下，要么link容器，或者端口映射到宿主机，配置宿主机ip，推荐前者

flyingonthebed commented 5 years ago

docker-compose 默认启动的，还需要删了重新建？为什么 yaml文件中不提前配置好？privilegs 参数也没有。

hhyo commented 5 years ago

哦，docker-compose启动的，那很是抱歉最开始没有问你启动方式，docker-compose启动默认是一个桥接网络下，参考压缩包里面的默认配置使用容器名作为host就好

# themis审核所需mongodb数据库，账号角色必须有"anyAction" to "anyResource"权限
MONGODB_DATABASES = {
    "default": {
        "NAME": 'themis',
        "USER": 'root',
        "PASSWORD": '123456',
        "HOST": 'mongo',
        "PORT": 27017,
    },
}

你上面配置容器IP还是无法连接，因为那不是具体容器ip，是Gateway地址，具体查看方式如下，

[root@localhost ~]# docker network ls
NETWORK ID          NAME                DRIVER              SCOPE
ba2b70159752        archery_default     bridge              local
4272392ccb53        bridge              bridge              local
2d6cd9a1a355        host                host                local
366a753a3393        none                null                local

[root@localhost ~]# docker network inspect archery_default
[
    {
        "Name": "archery_default",
        "Id": "ba2b70159752cf35d80a227eb3bd0f5ca2a9ed5c266a547e9c39fe9b414f238b",
        "Created": "2018-11-27T17:52:14.085433744+08:00",
        "Scope": "local",
        "Driver": "bridge",
        "EnableIPv6": false,
        "IPAM": {
            "Driver": "default",
            "Options": null,
            "Config": [
                {
                    "Subnet": "172.19.0.0/16",
                    "Gateway": "172.19.0.1"
                }
            ]
        },
        "Internal": false,
        "Attachable": true,
        "Containers": {
            "0e2e162b7f605d5a6027dbcce08b5b0ea420fa13bdc0245b76eeba635ab00468": {
                "Name": "archery",
                "EndpointID": "7b34fc4e6515c3fa6cd47939bc83cdfa4bd7b94d4e3cd67f221fcb04aa7766f4",
                "MacAddress": "02:42:ac:13:00:04",
                "IPv4Address": "172.19.0.4/16",
                "IPv6Address": ""
            },
            "4cf4ff6a22d47d47b11948554dacef17da101081bfe6aa7bb9003641a717da41": {
                "Name": "archer",
                "EndpointID": "6ef74b7450cb221ce2a43bbb56a52f7fbc7bea7aa4d1ff1d88c1f863e16f5f9f",
                "MacAddress": "02:42:ac:13:00:03",
                "IPv4Address": "172.19.0.3/16",
                "IPv6Address": ""
            },
            "6b3b6ff354a3416e7da26ae028ca2b7c73dfe88303a9a21eea20ccc424312124": {
                "Name": "mongo",
                "EndpointID": "3c9794271cbe85569d1b45f83e02b127643138e2e755bfc64fa0eafa35e49dda",
                "MacAddress": "02:42:ac:13:00:06",
                "IPv4Address": "172.19.0.6/16",
                "IPv6Address": ""
            },
            "6d759fc6b8a7c00ae4dbfa5cc46c7d27dc33322f6cdca70aaba9f1bdfef24d51": {
                "Name": "inception",
                "EndpointID": "ef244984bd2e9cc444ad760c77ee425ecaae9c701cdb33071ad01c7e52c63f93",
                "MacAddress": "02:42:ac:13:00:02",
                "IPv4Address": "172.19.0.2/16",
                "IPv6Address": ""
            },
            "a31d3b69b243a04309b4880dd0594721ba8f241096e4a37dd63b451a21997d57": {
                "Name": "mysql",
                "EndpointID": "aed6107b7c8018c89c2c26c90c92294e0d12b60b508c40eb9e3c1206c4e320e0",
                "MacAddress": "02:42:ac:13:00:05",
                "IPv4Address": "172.19.0.5/16",
                "IPv6Address": ""
            },
            "b3114b7f0134d67ce8ec7041067e845d841c3132c282bf06ff41f1325467944c": {
                "Name": "redis",
                "EndpointID": "48228cec1883a8d1b8196a694a72d4ae3b695b50e3e43d9c438dbe212b0ec6c9",
                "MacAddress": "02:42:ac:13:00:07",
                "IPv4Address": "172.19.0.7/16",
                "IPv6Address": ""
            }
        },
        "Options": {},
        "Labels": {
            "com.docker.compose.network": "default",
            "com.docker.compose.project": "archery",
            "com.docker.compose.version": "1.22.0"
        }
    }
]

"IPv4Address": "172.19.0.6"才是具体容器ip

关于容器删了重新建

压缩包里面的配置之所以把数据和日志目录都映射出来，就是为了方便升级和部署，这也符合docker的使用场景，附上简单重建命令

docker-compose -f docker-compose.yml stop archery
docker-compose -f docker-compose.yml rm archery
docker-compose -f docker-compose.yml up -d archery

关于--privileged参数

运行的配置仅做参考，privileged以及是否自动重启等按照自身需求自定义就好

关于文档

现在项目确实文档不够完善，WIKI是开放编辑的就是希望大家可以一起维护，将自己部署或者使用的坑都可以补充到WIKI页面

flyingonthebed commented 5 years ago

解答很细致，先谢谢啦。 docker部分我不太熟悉，所以鼓捣起来也是很费解，感觉这块很绕。等我鼓捣好了，更新一下Wiki。

hhyo / Archery